
    $query = "SELECT " . $_POST["foo"] . "...";
    db_run_whatever($query);
What you call that depends on what you know about the situation and the bigger picture.

It doesn't change what it is, or what it implies.



