How did I miss THIS yesterday?
Seems the web developers at MySQL skipped out on their best practices 101 class … you know, the day they talked about binding parameters.
Of course, that’s every developer’s knee-jerk reaction. I’m sure if you searched all of our code long enough, you’d see some improperly escaped SQL in there somewhere.
Although, I’m puzzled as to how this would have gotten through a formal code review. Interesting, no doubt.
Now, I’m off to change my MySQL.com account passwords…