Actually, what I really wanted to blog about before getting carried away with irony yesterday was an old idea on how to force my developers to use placeholders exclusively for SQL queries in applications. As should be apparent from yesterday's blog entry, I am strongly in favour of using placeholders for interpolating values into SQL… Continue reading Placeholders and SQL injection, part 2
Tag: security
Placeholders and SQL injection
It is sad to see how 9X% (or should that be 99.X%?) of SQL applications are riddled with SQL injection bugs. There really is no excuse for this. Nobody writes code like this: sub stupid_sum { my ($list) = @_; my $string = shift @$list; for (@$list) { $string .= " + " . $_;… Continue reading Placeholders and SQL injection