• dan@upvote.au
    link
    fedilink
    arrow-up
    15
    arrow-down
    8
    ·
    edit-2
    8 months ago

    does not protect from SQL injection attacks (many don’t, despite it being easy to protect against)

    Every modern database library automatically protects against SQL injection, usually by using prepared statements (where the query with placeholders, and the placeholder values, are sent as two separate things). so a system would have to be written extremely poorly to be vulnerable to it.

    This post is just a joke as developers should hopefully be aware of the OWASP top 10 security vulnerabilities.

    Edit: Bad developers will do bad things, but any reasonable developer should be well aware of these risks.