Discussion on: How many email addresses do you use?

Anthony Bouvier

Hopefully doing more than just encoding/escaping -- never place user data directly into a SQL statement! Always use placeholders like ? or whatever your flavor of DB allows. And if it doesn't allow for that, really think hard about why you're using that db (or db sdk)!

David Hughes

Fair, I just wanted to throw in something about security after making the questionably phrased statement of 'trust user input' :D
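
The placeholder advice in the thread above, shown as an added example that is not part of the original discussion. It uses Python's `sqlite3` with `?` placeholders; the table, the sample addresses and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: all three are syntactically valid e-mail addresses.
SAMPLE = ["alice@example.com", "o'brien@example.com", "bob+news@example.com"]

def make_db():
    """Build an in-memory table holding the constructed addresses."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    db.executemany("INSERT INTO users (email) VALUES (?)", [(e,) for e in SAMPLE])
    return db

def find_concat(db, email):
    """Anti-pattern: the user's value becomes part of the SQL text itself."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def find_param(db, email):
    """Placeholder: the SQL text is fixed and the value is bound separately."""
    sql = "SELECT email FROM users WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]

def compare(email):
    """Run both lookups for one input and return (concat_result, param_result)."""
    db = make_db()
    try:
        unsafe = find_concat(db, email)
    except sqlite3.OperationalError as exc:
        # A quote in the value changed the statement's syntax.
        unsafe = "error: " + str(exc)
    return unsafe, find_param(db, email)

if __name__ == "__main__":
    for value in ["alice@example.com", "o'brien@example.com", "x' OR '1'='1"]:
        unsafe, safe = compare(value)
        print(repr(value), "| concatenated:", unsafe, "| placeholder:", safe)
```

With concatenation, a legitimate address containing an apostrophe breaks the statement, and a value containing a quote plus SQL changes which rows match. The placeholder version treats every input as plain data.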