Author has been a prolific contributor to PHPClasses, so I don't wish to "hurt his feelings" but...
This code exhibits BAD coding practices. Does the site staff not have a responsibility to review/reject submissions which lack attention to input validation? Do we not have a collective responsibility to perform peer review of submitted code and to press for "best practices"?
echo "some static string";
(example of unnecessary string eval)
(example of NOT ON _MY_ WATCH dammit)
echo "<option value='".$val["ID"]."'>".$val["level_name"]."</option>";
(Let's see... should I use quot, or quotquot, or "quotey dot quotey")
Arturs Sosins - 2014-03-21 06:58:23 - In reply to message 2 from Yakim
No hard feelings :)
Maybe you are right, but in my defense, I was using prepared queries, which, by definition, do not require sanitizing:
"The purpose of prepared statements is to not include data in your SQL statements. Including them in your SQL statements is NOT safe. Always use prepared statements. They are cleaner to use (code easier to read) and not prone to SQL injections."
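As an added example (written here, not code from the package or from either poster) of the two points raised in this thread: the quoted text describes the SQL layer, where a bound parameter keeps data out of the SQL text, and the `<option>` echo quoted earlier touches the HTML layer, which is a separate output context with its own escaping function. The table name `levels` and its columns `ID`, `level_name` and `parent_id` are assumptions based on the array keys `$val["ID"]` and `$val["level_name"]` shown above; the script uses an in-memory SQLite database with constructed rows so it runs stand-alone under PHP 7.1 or later.

```php
<?php
// Added example, not the package's own code. Demonstrates a prepared statement
// (SQL context) followed by htmlspecialchars() when the rows are echoed (HTML context).
// Table and column names are assumptions taken from the $val["ID"] / $val["level_name"] keys.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE levels (ID INTEGER PRIMARY KEY, level_name TEXT, parent_id INTEGER)');

// Constructed sample rows; the second name deliberately contains quotes and tags
// so the effect of output escaping is visible in the rendered markup.
$insert = $pdo->prepare('INSERT INTO levels (ID, level_name, parent_id) VALUES (:id, :name, :parent)');
foreach ([[1, 'Beginner', 0], [2, "Advanced <b>'quoted'</b>", 0], [3, 'Expert', 1]] as [$id, $name, $parent]) {
    $insert->execute([':id' => $id, ':name' => $name, ':parent' => $parent]);
}

/**
 * Fetch the levels under a parent. The parent id is sent as a bound parameter,
 * so the SQL text itself never contains request data (the point of the quote above).
 */
function fetchLevels(PDO $pdo, $parentId): array
{
    $stmt = $pdo->prepare('SELECT ID, level_name FROM levels WHERE parent_id = :parent');
    $stmt->bindValue(':parent', (int) $parentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Render <option> elements from the fetched rows. Parameter binding protected the
 * query; echoing into HTML is a different context, so every value is passed
 * through htmlspecialchars() with ENT_QUOTES so both quote styles are encoded.
 */
function renderOptions(array $rows): string
{
    $html = '';
    foreach ($rows as $val) {
        $id   = htmlspecialchars((string) $val['ID'], ENT_QUOTES, 'UTF-8');
        $name = htmlspecialchars($val['level_name'], ENT_QUOTES, 'UTF-8');
        $html .= "<option value=\"{$id}\">{$name}</option>\n";
    }
    return $html;
}

// Request input (absent on the CLI, so it falls back to 0). Non-numeric input is
// cast to an integer and bound; it is never spliced into the SQL string.
$parentId = $_GET['parent_id'] ?? 0;
echo renderOptions(fetchLevels($pdo, $parentId));
```

Run from the command line with `php example.php` and the second option renders as `Advanced &lt;b&gt;&#039;quoted&#039;&lt;/b&gt;`, which the browser displays as the literal text rather than interpreting it as markup; the query side is unchanged regardless of what `parent_id` contains, because the value travels as a parameter and not as part of the statement.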