This may be more of a rhetorical question but I would be interested in the answers.
Why doesn't everyone just use bound parameters and a cleansed Order By instead of my_sql_real_escape?
I am doing a complete recode of my site from ASP Classic to PHP and want to get it right. I used escapes and scripts to cleanse my site, but I did some Googling and asked questions and found that using bound parameters is not as tough as I thought. And even if I weren't recoding my site, I would rewrite the SQL to include these. The hour a day for a few weeks it would take is worth the peace of mind. This also means cleansing all my ORDER BYs too.
Am I missing something?
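An added example of the two things the question describes, bound parameters for data plus an allow-list for ORDER BY, in PHP with PDO. This is not code from the original post. It uses an in-memory SQLite database so it runs without a MySQL server; the DSN, the `users` table and its rows are constructed for the demo, and `SORT_COLUMNS`, `buildOrderBy` and `findUsersByRole` are hypothetical names. The point it shows: a placeholder protects values, but identifiers such as a sort column cannot be bound at all, so the only safe ORDER BY is one assembled from strings you wrote yourself.

```php
<?php
// Added example (not from the original question): parameterised queries
// plus an allow-list for ORDER BY, using PDO. SQLite in memory is used so the
// script runs offline; with MySQL you would swap the DSN.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($pdo->getAttribute(PDO::ATTR_DRIVER_NAME) === 'mysql') {
    // On MySQL, make PDO use real server-side prepares instead of client-side
    // quoting, so values never touch the SQL text at all.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}

// Constructed sample schema and rows (not real data).
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT, created TEXT)');
$ins = $pdo->prepare('INSERT INTO users (name, role, created) VALUES (:name, :role, :created)');
foreach ([['alice', 'admin', '2023-01-02'], ['bob', 'user', '2023-03-04'], ["o'neil", 'user', '2023-02-03']] as [$n, $r, $c]) {
    $ins->execute([':name' => $n, ':role' => $r, ':created' => $c]);
}

// Allow-list (hypothetical name): request sort keys map to column names that
// *we* wrote. The request value itself never reaches the SQL text.
const SORT_COLUMNS = [
    'name'    => 'name',
    'created' => 'created',
    'id'      => 'id',
];

// Build the ORDER BY clause from allow-listed parts only. Unknown sort keys
// fall back to the default column; anything but DESC becomes ASC.
function buildOrderBy(?string $sort, ?string $dir): string
{
    $column    = SORT_COLUMNS[$sort ?? ''] ?? SORT_COLUMNS['id'];
    $direction = strtoupper($dir ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY $column $direction";
}

// Data (the role) goes through a bound placeholder; the identifier part of the
// query comes from buildOrderBy(), never from the request directly.
function findUsersByRole(PDO $pdo, string $role, ?string $sort, ?string $dir): array
{
    $sql  = 'SELECT id, name FROM users WHERE role = :role ' . buildOrderBy($sort, $dir);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':role' => $role]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hostile input: the quote in the role value is just data, so no row matches,
// and the bogus sort key is replaced by the default column instead of being
// spliced into the query.
print_r(findUsersByRole($pdo, "user' OR '1'='1", 'name; DROP TABLE users', 'asc'));

// Normal input: the two 'user' rows, sorted by name descending (o'neil, bob).
print_r(findUsersByRole($pdo, 'user', 'name', 'desc'));
```

The allow-list is the piece escaping functions cannot give you: mysql_real_escape_string is defined for string literals inside quotes, and a column name or ASC/DESC keyword is neither, so "escaping" an ORDER BY fragment does nothing useful. Mapping request values to your own identifiers, as above, is what "cleansing" an ORDER BY has to mean in practice.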