
Usages of MySQLi but not prepared statements. #22

Closed
JABirchall opened this issue Oct 2, 2014 · 1 comment

Comments

@JABirchall

I don't know why you decided to change from mysql to mysqli. Maybe it was because of the PHP warnings, maybe it was because you read up on why the MySQL functions are being removed.

The fact is mysql and the methods used to sanitize are not safe; PDO and MySQLi are safe if you use prepared statements.
Example:

$sql = "
    INSERT INTO
        `memory` (`name`, `type`, `target`, `value`, `created`, `modified`)
    VALUES (
        '".addslashes($name)."',
        '".addslashes($type)."',
        '".addslashes($target)."',
        '".addslashes($sql_value)."',
        NOW(),
        NOW()
    )";

can be better sanitized with

$sql = "
    INSERT INTO `memory` (`name`, `type`, `target`, `value`, `created`, `modified`)
    VALUES (?,?,?,?,NOW(),NOW())
";
// prepare() returns a mysqli_stmt; bind_param() and execute() are called on that statement,
// and bind_param() needs a type string (one 's' per string placeholder)
$stmt = $this->MySQL->prepare($sql);
$stmt->bind_param('ssss', $name, $type, $target, $sql_value); // the variables are bound by reference, so they can be assigned any time after or before the prepare, until executed
// More code?
$stmt->execute();

I would help you out but you state development is exclusive to you. BTW I'm building a Twitch bot using your bot since nimda2 is outdated as of PHP 5.6 :P
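To show the full prepared-statement flow the comment above is pointing at, here is an added example written for this page; it is not code from the nimda project or from the commenter. It assumes a connected `mysqli` object in `$db`, a `memory` table with the columns named in the issue, and a hypothetical helper name `insertMemory`. Unlike escaping each value by hand, the values never become part of the SQL text, so a missed `addslashes()` call or a charset the escaping function does not understand cannot turn data into SQL.

```php
<?php
// Added example, not part of the nimda project: a complete mysqli prepared-statement
// insert for the `memory` table discussed in the issue. Assumes $db is a connected
// mysqli instance and the table has these columns. insertMemory is a hypothetical name.

function insertMemory(mysqli $db, string $name, string $type, string $target, string $value): int
{
    $sql = 'INSERT INTO `memory` (`name`, `type`, `target`, `value`, `created`, `modified`)
            VALUES (?, ?, ?, ?, NOW(), NOW())';

    // prepare() sends the SQL skeleton to the server once. The placeholders are
    // filled with data at execute() time, separately from the SQL text, so no
    // quoting or escaping of $name/$type/$target/$value is needed or involved.
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    // Type string: one letter per placeholder (s = string, i = int, d = double, b = blob).
    // bind_param() binds by reference, so the values are read when execute() runs.
    $stmt->bind_param('ssss', $name, $type, $target, $value);

    if (!$stmt->execute()) {
        $err = $stmt->error;
        $stmt->close();
        throw new RuntimeException('execute failed: ' . $err);
    }

    $id = (int) $stmt->insert_id;   // AUTO_INCREMENT id of the new row, if the table has one
    $stmt->close();
    return $id;
}

// Usage: values containing quotes or backslashes are stored exactly as given.
// $db = new mysqli('localhost', 'user', 'pass', 'botdb');   // connection details are placeholders
// $id = insertMemory($db, "O'Brien", 'note', '#channel', 'value with "quotes" and \\ backslash');
```

On the performance point raised later in the thread: the statement can be prepared once and executed repeatedly with different bound values, which is where the extra round trip is recovered on repeated inserts. Enabling `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` makes `prepare()` and `execute()` throw instead of returning `false`, which removes the manual checks above.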

@noother
Owner

noother commented Oct 2, 2014

Statements like this are exactly why I want core-development to be exclusive to me..
The fact is™, mysql & methods to sanitize ARE safe IF you know what's happening and use them correctly.
So, sorry, not interested in prepared statements nor PDO - I neither want the negative performance impact by sanitizing unnecessary stuff, nor do I want 3 php statements instead of 1 - thanks anyway.

Prepared statements are not the only thing MySQLi introduced.

Nimda2 is completely outdated & just there for archival purposes.

@noother noother closed this as completed Oct 2, 2014