Keep in mind this project is a 25 year old PHP application.

That actually makes it more confusing since a 25 year old PHP application is exactly where you'd expect to find SQL injection vulnerabilities.

If I were in charge of a 25 year old PHP application, tracking down every SQL query and converting it to a safe form would high on my list of priorities. You don't need AI for that, just ripgrep and a basic amount of care for your users.

▲

whythismatters 2 days ago | parent | next [-]

Most (proprietary) 25 year old PHP codebases I've seen are a huge mess riddled with issues, exuberant loc, mix of tabs and spaces and weird indentation, dry violations, slightly diverging code blocks copy-pasted all over the place, etc., etc. Resolving technical debt (let alone reviewing the "stuff that works" like SQL queries) is often low priority because it's tedious and does not create any "business value".

▲

otabdeveloper4 2 days ago | parent | prev [-]

Replacing/automating manual ripgrep is a top-1 use case for AI though.

	▲	pseudalopex 2 days ago \| parent [-]
		Their point was a competent team would have done this since 10 or 20 years I thought.