
> I can guarantee there’s a sql injection issue somewhere.

This class of sql injection issues can be eliminated by simply enforcing that all queries are string literals.



I'd amend to this "... or composed of local string literals". Programmatically-generated SQL can be advantageous in terms of maintenance, readability and even performance, depending on the situation.


Concur. Adding parameters to a query is what a "bind" is for.
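The two points above (keep the query text itself a local string literal, or a composition of local literals, and pass every untrusted value through a bind) are easy to show side by side. This is an added example, not code from the thread; it uses Python's stdlib `sqlite3` module with an in-memory database and a constructed `users` table, and the function names are mine. The `?` placeholder is sqlite3's bind syntax; other drivers use `%s` or `:name`, but the principle is the same.

```python
import sqlite3

# Constructed sample rows (assumption: not from the original thread).
SAMPLE_USERS = [
    (1, "alice", "admin"),
    (2, "bob", "staff"),
    (3, "carol", "staff"),
]


def make_db():
    """Build a throwaway in-memory database populated with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_by_name_concat(conn, name):
    """Vulnerable form: the untrusted value is spliced into the SQL text,
    so the value can change the structure of the query."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_bound(conn, name):
    """Hardened form: the SQL text is a string literal; the value is a bind
    parameter and can only ever be compared as data."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def find_users(conn, name=None, role=None):
    """Programmatically composed query: the text is assembled only from local
    string literals (no caller-supplied fragments), and every value is bound.
    This is the "composed of local string literals" case from the thread."""
    clauses = []
    params = []
    if name is not None:
        clauses.append("name = ?")
        params.append(name)
    if role is not None:
        clauses.append("role = ?")
        params.append(role)
    sql = "SELECT id, name FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY id"
    return conn.execute(sql, tuple(params)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that breaks out of a quoted literal
    print("concat :", find_by_name_concat(db, probe))   # every row comes back
    print("bound  :", find_by_name_bound(db, probe))    # no user has that name
    print("composed:", find_users(db, role="staff"))
```

A useful review check follows directly from this: grep the codebase for `execute(` calls whose first argument is not a literal or a join of literals, and treat each one as a finding until a bind is shown. The composed form in `find_users` passes that check because the only non-literal parts of the statement are the `?` markers.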



