
I'd bet that patterns like

    $db->execute("INSERT INTO USERACCOUNTS ('username','password') VALUES ('".$_POST['username']."','".$_POST['password']."')");
are more common than anyone wants to believe.
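
The pattern in the comment above next to a parameterized version, as an added example that is not part of the thread. It assumes PHP with the `pdo_sqlite` extension; the table, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: constructed schema and inputs, run against in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE useraccounts (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Pattern from the comment: request values concatenated into the SQL text.
// Only built and printed here, never executed.
function build_concatenated(array $post): string
{
    return "INSERT INTO useraccounts (username, password_hash) VALUES ('"
        . $post['username'] . "','" . $post['password'] . "')";
}

// Hardened form: fixed SQL text, values bound separately, password hashed.
function register_user(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO useraccounts (username, password_hash) VALUES (:u, :p)'
    );
    $stmt->execute([
        ':u' => $post['username'],
        ':p' => password_hash($post['password'], PASSWORD_DEFAULT),
    ]);
}

// Constructed inputs standing in for $_POST.
$samples = [
    ['username' => "O'Brien", 'password' => 'correct horse'],
    ['username' => "mallory','chosen-by-input') --", 'password' => 'ignored'],
];

foreach ($samples as $post) {
    // The concatenated text shows the input changing the statement's structure:
    // a stray quote in the first case, a replaced VALUES list in the second.
    echo "concatenated: ", build_concatenated($post), "\n";
    register_user($pdo, $post);
}

// With bound parameters both usernames are stored verbatim as data.
foreach ($pdo->query('SELECT username, password_hash FROM useraccounts') as $row) {
    printf("stored: %-35s verifies=%s\n", $row['username'],
        var_export(password_verify('correct horse', $row['password_hash']), true));
}
```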


The PHP manual pages are full of user comments with helpful suggestions just like that, which incompetent programmers copy and paste into production systems. But I think of it as a good thing, an instance of evolution in action, because banks that hire such stupid programmers deserve to have all their money stolen from them.



