Seems to be they’re dropping the passwords in the database in plain text, but they’re deathly afraid that someone will drop a '; in there or something and the insert will break.
Notwithstanding that storing passwords in plain text is a slapping with the 10 foot rubber chicken, but mysqli_real_escape_string() or any number of other similar solutions are indeed a thing that exists. A prepared statement would work, too.
Seems to be they’re dropping the passwords in the database in plain text, but they’re deathly afraid that someone will drop a '; in there or something and the insert will break.
Notwithstanding that storing passwords in plain text is a slapping with the 10 foot rubber chicken, but mysqli_real_escape_string() or any number of other similar solutions are indeed a thing that exists. A prepared statement would work, too.