I don't think strong development teams are still letting SQL injection vulnerabilities through by manually concatenating strings to build queries with user-provided data. Not in the year 2026.
Good frameworks can protect against SQL injection and XSS (through default escaping of output variables), but protecting against insecure direct object access is a lot harder.
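To make the point in the two comments above concrete, here is an added example (not code from the project under discussion, and written in Python with sqlite3 rather than PHP so it runs stand-alone): the same lookup written three ways. The table names, the `invoices` schema and the sample rows are constructed for the illustration. Version one concatenates the request parameter into the query and is injectable; version two binds it as a parameter, which is what a framework's query layer does for you and which stops the injection, but still hands any authenticated user any other user's record; version three adds the ownership check that no framework can supply automatically, because only the application knows who is allowed to see which row.

```python
import sqlite3


def make_db():
    """Constructed sample data: two users, one private invoice each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE invoices ("
        " id INTEGER PRIMARY KEY, owner_id INTEGER, amount INTEGER, note TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?, ?)",
        [(100, 1, 250, "alice private"), (101, 2, 900, "bob private")],
    )
    return conn


def get_invoice_concat(conn, invoice_id_param):
    """Injectable: the raw request parameter is spliced into the SQL text.

    A value such as "100 OR 1=1" changes the query and dumps every row.
    """
    sql = "SELECT id, owner_id, amount, note FROM invoices WHERE id = " + invoice_id_param
    return conn.execute(sql).fetchall()


def get_invoice_param(conn, invoice_id_param):
    """Parameterised, so injection is no longer possible; the bound value is
    compared as data, never parsed as SQL. "100 OR 1=1" simply matches nothing.

    This is still an insecure direct object reference: whoever is logged in
    can fetch invoice 101 by changing the id in the request, because nothing
    here asks whose invoice it is.
    """
    sql = "SELECT id, owner_id, amount, note FROM invoices WHERE id = ?"
    return conn.execute(sql, (invoice_id_param,)).fetchall()


def get_invoice_scoped(conn, current_user_id, invoice_id_param):
    """Parameterised AND scoped to the caller.

    The ownership predicate lives in the query itself, so a row the caller does
    not own is indistinguishable from a row that does not exist (return None,
    which a handler would turn into a 404 rather than a 403 that confirms the
    id is valid). current_user_id must come from the session, never from the
    request.
    """
    sql = (
        "SELECT id, owner_id, amount, note FROM invoices"
        " WHERE id = ? AND owner_id = ?"
    )
    return conn.execute(sql, (invoice_id_param, current_user_id)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Alice (user 1) is logged in and tampers with the id parameter.
    print("concat, 100 OR 1=1 ->", get_invoice_concat(db, "100 OR 1=1"))  # both rows
    print("param,  100 OR 1=1 ->", get_invoice_param(db, "100 OR 1=1"))   # nothing
    print("param,  101        ->", get_invoice_param(db, "101"))          # bob's row leaks
    print("scoped, 101        ->", get_invoice_scoped(db, 1, "101"))      # None
    print("scoped, 100        ->", get_invoice_scoped(db, 1, "100"))      # alice's row
```

The fix for the injection is mechanical and a framework can enforce it globally; the fix for the object-reference problem has to be repeated in every handler that loads something by id, which is why it keeps slipping through code that is otherwise careful.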
Yeah, this is a huge red flag that would make me avoid this project for sure.
Unfortunately, you have no easy way of checking if closed-source projects are similarly amateur.
Keep in mind this project is a 25-year-old PHP application.