
    $query = "SELECT " . $_POST["foo"] . "...";
    db_run_whatever($query);
What you call that depends on what you know about the situation and the bigger picture.

It doesn't change what it is, or what it implies.



