Comment by cstdr
3 hours ago
Escaping is 100% safe and for certain queries the only possible way. Prepared statements don't exist for escaping inputs but to parameterize queries. If your data is heavily skewed or you use operators like > or < they can exhibit desastrous performance.
No comments yet
Contribute on Hacker News ↗