The state of PHP security

Posted Dec 22, 2006 10:03 UTC (Fri) by kov (subscriber, #7423)
In reply to: The state of PHP security by denials
Parent article: The state of PHP security

Every programming language uses strings for SQL statements. You can concatenate those strings and make mistakes in every language.

True. But many languages provide APIs that do _not_ use strings for SQL statements, and that are usually the recommended way of doing SQL.