themaninblack@lemmy.world to memes@lemmy.world · 6 months agoCVS styleimagemessage-square118linkfedilinkarrow-up1960arrow-down119
arrow-up1941arrow-down1imageCVS stylethemaninblack@lemmy.world to memes@lemmy.world · 6 months agomessage-square118linkfedilink
minus-squareryannathans@aussie.zonelinkfedilinkarrow-up9·6 months agoParameterisation entirely solves the problem without needing to sanitise the string
minus-squareMotoAsh@piefed.socialBannedlinkfedilinkEnglisharrow-up4arrow-down1·6 months agoNot entirely (I recall seeing some obscure CVEs some years ago), but it’s a hell of a lot better than what some coders try to get away with.
minus-squarePhobosAnomaly@feddit.uklinkfedilinkarrow-up2·6 months agoI don’t disagree, but throwing out the concept of prepared statements and parameterisation to someone who has asked for an explanation of the Bobby Tables jokes is a bit heavy going.
Parameterisation entirely solves the problem without needing to sanitise the string
Not entirely (I recall seeing some obscure CVEs some years ago), but it’s a hell of a lot better than what some coders try to get away with.
I don’t disagree, but throwing out the concept of prepared statements and parameterisation to someone who has asked for an explanation of the Bobby Tables jokes is a bit heavy going.