Original: Injection Transcription ↓real story; string sender; sender = "Diego Pablo"; Programmer: You shouldn't pass a form field value right to the SQL. A hacker could manipulate your query! Alonso: Oh, but I don't do this! First I put the value on a variable, then the variable goes to the SQL! Programmer: PLAFT!(…) leia mais