Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I get the point you’re trying to make, but the blame doesn’t really lay with php.

Like most things introduced in early php, the mysql extension was just wrapping c functions.

The concept of “real” escape comes from mysqls’ C API: https://dev.mysql.com/doc/c-api/5.6/en/mysql-real-escape-str...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: