
Little bit of a scare
So, I showed my site to my friend, the lovely Ally, today. She found an SQL injection vulnerability and promptly (after she warned me to back up my stuff!!) deleted every post on my blog.
Oh my stars.
I actually got so scared. Seeing everything disappear like that. And not only that, but me editing stuff live trying to fix the vulnerability but having to learn on the fly. Hhh! Overwhelming!!
It's all good now, though. I had to restore from a backup, but all of my posts are here once again. Nothing seems to be lost, the vulnerability was patched, and I learned my lesson.
Always use prepare instead of query for SELECT, so you can use bindValue!!
1/4/2024, 10:33:08 PM
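What that takeaway looks like in practice, as an added example that is not code from the original post. It assumes the site uses PHP's PDO (the post names only prepare, query and bindValue); the in-memory SQLite database, the posts table and the function names are hypothetical.

```php
<?php
// Constructed sample data: an in-memory SQLite database standing in for the blog.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)');
$db->exec("INSERT INTO posts (slug, title) VALUES
           ('hello', 'Hello world'),
           ('scare', 'Little bit of a scare')");

// Before: the request value is pasted into the SQL text, so a quote
// character in it becomes part of the statement itself.
function findPostsUnsafe(PDO $db, string $slug): array
{
    $sql = "SELECT id, title FROM posts WHERE slug = '$slug'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed at prepare() time and the value is
// handed over separately with bindValue(), so it is only ever data.
function findPostsSafe(PDO $db, string $slug): array
{
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE slug = :slug');
    $stmt->bindValue(':slug', $slug, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary slug, one containing quote characters.
$inputs = ['scare', "nope' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "%-20s unsafe: %d row(s)   safe: %d row(s)\n",
        $input,
        count(findPostsUnsafe($db, $input)),
        count(findPostsSafe($db, $input))
    );
}
```

With the quoted input, the concatenated query matches every post because the quote rewrites the WHERE clause, while the prepared statement looks for a slug with that literal text and matches nothing. The same applies to INSERT, UPDATE and DELETE statements that take request data, not only SELECT.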