On Fri, Jun 25, 2010 at 5:15 AM, Jorgen Grahn <grahn+n...@snipabacken.se> wrote:
> Am I missing something? If not, I can go back to sleep -- and keep
> avoiding SQL and web programming like the plague until that community
> has entered the 21st century.

You're not missing anything. It's been the accepted industry practice for years and years (and /years/), the taught industry practice, the advised industry practice, the constantly repeated practice on every even vaguely database-related forum forever now.

However:

a) Some people are convinced of their own infallibility, and prefer a clever construct generating a string that has to be parsed due to the cleverness of said construct.
b) Some people don't listen / understand.
c) Some people don't care.

And so, SQL injection attacks continue to persist.

Then again, it's not like anyone in the C-ish world doesn't know about bounds checking on arrays, do they? But buffer overflows persist. Probably for similar reasons as above (with a slightly different 'and prefer' clause).

--Stephen
-- http://mail.python.org/mailman/listinfo/python-list
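The contrast Stephen draws above, a query built by pasting a string into SQL text versus a parameterized one, as an added example that is not part of the original thread: a Python `sqlite3` in-memory database with a deliberately vulnerable lookup beside the parameterized form. The table, its rows, and the payload string are constructed for illustration; the function names are mine.

```python
import sqlite3

# Constructed sample data: a three-row table in an in-memory database.
SAMPLE_ROWS = [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")]

# A classic tautology payload: closes the quoted literal, then ORs in a
# condition that is always true.
PAYLOAD = "nobody' OR '1'='1"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, name):
    """Deliberately vulnerable: the caller's string is pasted into the SQL
    text, so the database parser sees whatever quotes and keywords it holds."""
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized: the SQL text is fixed and the value travels separately,
    so it is compared as data and is never parsed as SQL."""
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def unsafe_raises(conn, name):
    """True if the string-built query is not even valid SQL for this input
    (a legitimate apostrophe breaks it the same way an attack does)."""
    try:
        lookup_unsafe(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


def run_demo():
    """Run both lookups against the payload and against a legitimate name
    containing an apostrophe; returns the observations as a dict."""
    conn = make_db()
    return {
        "unsafe_payload_rows": len(lookup_unsafe(conn, PAYLOAD)),  # every row leaks
        "safe_payload_rows": lookup_safe(conn, PAYLOAD),           # no such user
        "unsafe_obrien_errors": unsafe_raises(conn, "O'Brien"),    # syntax error
        "safe_obrien_rows": lookup_safe(conn, "O'Brien"),          # the one real match
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, ":", value)
```

The apostrophe case is the one that usually drives people toward the "clever construct": hand-rolled quote escaping fixes O'Brien and appears to fix the payload, but it is still a string the database has to parse. The parameterized form needs no escaping at all, because the value never reaches the parser.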