[CentOS] C5 MySQL injection attack ("Union Select")
Александр Кириллов
nevis2us at infoline.su
Thu Mar 24 11:53:28 UTC 2016
> Be careful with WordPress - it's database handler doesn't actually use
> parameterized statements, it emulates them with printf - one (of many)
> reasons I do not like the product.
This is a rather controversial statement. There's nothing wrong with
using sprintf when building sql queries. Besides
"Using a prepared statement is not always the most efficient way of
executing a statement. A prepared statement executed only once causes
more client-server round-trips than a non-prepared statement."
More information about the CentOS
mailing list