
    $query = "SELECT " . $_POST["foo"] . "...";
    db_run_whatever($query);

What you call that depends on what you know about the situation and the bigger picture.

It doesn't change what it is, or what it implies.



