| http://www.w3.org/ns/prov#value | - If anything you are doing ends up working with stored procedures that do concatenation internally, your prepared statements can still end up allowing a SQL injection.Prepared statements are a very, very good idea that provides a lot of built-in resistance to SQL injection, but they are not bulletproof.
|
