attack

Most SQL-injection articles set a horrible example for young programmers. Here is a very typical “bad example” of why you need to escape user data before it goes into SQL queries: (ed. The