Aachen 9 hours ago
When browsers implement a variant that lets you separate data and code, perhaps. That's what I expected when reading the headline: setHtml(code, data, data, ...), just like parameterised SQL works: prepare("select rowid from %s where time < %n", tablename, mynumber). This new method they've cooked up would be called eval(code,options) if HTML was anything other than a markup language.
itishappy 9 hours ago
Table names cannot be parameterized in SQL https://stackoverflow.com/questions/78516750/parametrize-tab...
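
The point raised in the reply above, as an added example that is not part of the thread: a bound placeholder can carry a value but not an identifier, so a table name has to be checked against a fixed list before it is placed in the statement text. It assumes Python's sqlite3 module; the `events` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Hypothetical allowlist: the only identifiers the application may query.
ALLOWED_TABLES = {"events"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (time INTEGER)")
    db.executemany("INSERT INTO events (time) VALUES (?)", [(10,), (20,), (30,)])
    return db


def placeholder_as_table(db, table, cutoff):
    """Try to bind the table name like a value.

    The statement is compiled before any parameter is bound, and the grammar
    does not accept a placeholder where an identifier is required, so the
    engine rejects it. Returns the error text, or None if it was accepted.
    """
    try:
        db.execute("SELECT rowid FROM ? WHERE time < ?", (table, cutoff))
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


def rows_before(db, table, cutoff):
    """Query with the identifier taken from the allowlist and the value bound."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unknown table: {table!r}")
    # Safe to interpolate: `table` is one of our own constants at this point.
    sql = f'SELECT rowid FROM "{table}" WHERE time < ? ORDER BY rowid'
    return [row[0] for row in db.execute(sql, (cutoff,))]


if __name__ == "__main__":
    db = make_db()
    print("placeholder for table name:", placeholder_as_table(db, "events", 25))
    print("allowlisted table, bound value:", rows_before(db, "events", 25))
    try:
        rows_before(db, 'events" --', 25)
    except ValueError as exc:
        print("rejected identifier:", exc)
```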