Unless I'm missing something here, lacking parametrization is not the issue here...

		BoppreH on May 7, 2014 \| parent \| context \| favorite \| on: We'd lose our security certificate if we allowed p... Unless I'm missing something here, lacking parametrization is not the issue here. The issue is that it's obvious they are saving the password in plaintext instead of hashing it, otherwise the password would never get close to an SQL query to allow injection.