
That is not how you do parameterized queries. With any civilized database library, it would be something along the lines of `"WHERE a = ? AND b = ?", data.x, data.y`, so that the parameters are like function parameters.
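An added example (not part of the thread, not any commenter's code) showing the difference the comment above describes, using Python's standard sqlite3 module, which accepts exactly the `?` placeholder style quoted in the comment as well as named `:x` placeholders bound from a dict. The table, rows and the crafted input value are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (a TEXT, b TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [("x1", "y1"), ("x2", "y2"), ("x3", "y3")],
    )
    return conn


def find_unsafe(conn: sqlite3.Connection, x: str, y: str) -> list:
    """String-built query: user data is spliced into SQL text, so the
    database parser can read data as code."""
    sql = f"SELECT a, b FROM items WHERE a = '{x}' AND b = '{y}'"
    return conn.execute(sql).fetchall()


def find_safe(conn: sqlite3.Connection, x: str, y: str) -> list:
    """Positional placeholders: the SQL text is fixed, and x and y are
    bound as values, like function arguments."""
    return conn.execute(
        "SELECT a, b FROM items WHERE a = ? AND b = ?", (x, y)
    ).fetchall()


def find_safe_named(conn: sqlite3.Connection, data: dict) -> list:
    """Named placeholders bound from a mapping, the data.x / data.y shape
    mentioned in the comment."""
    return conn.execute(
        "SELECT a, b FROM items WHERE a = :x AND b = :y", data
    ).fetchall()


# Constructed input containing a quote and an OR clause. Bound as a value it
# simply matches nothing; spliced into SQL text it changes the WHERE logic.
CRAFTED = "y1' OR 'a'='a"


def compare(conn: sqlite3.Connection) -> dict:
    """Run both variants on the same inputs and report the row counts."""
    return {
        "normal_safe": len(find_safe(conn, "x1", "y1")),
        "crafted_safe": len(find_safe(conn, "x1", CRAFTED)),
        "crafted_unsafe": len(find_unsafe(conn, "x1", CRAFTED)),
    }


if __name__ == "__main__":
    print(compare(make_db()))
```

The bound version returns zero rows for the crafted value because the driver never lets it reach the SQL parser; the string-built version returns every row because the quote closes the literal and the rest becomes part of the predicate. Detection-wise, the cheap check is grep-style review for SQL text built with `f"..."`, `%` or `+` in the codebase.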

I've said similar because of this, so your comment is included in my statement. That doesn't change much.
