Hacker News
by colejohnson66, 3647 days ago
Or, you know, just doing the right thing(tm) and using parameterized queries
ams6110, 3647 days ago
Yes. If you are building SQL by concatenating user inputs (escaped or not) you are doing it wrong.
Klathmon, 3647 days ago
IMO building SQL by concatenating anything feels wrong.
I still do it, and I haven't used an ORM yet that is actually useful, but it still feels wrong.
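The contrast discussed in this thread, as an added example that is not part of any commenter's post: a concatenated query next to a parameterized one, plus the case where some concatenation is unavoidable (a dynamic `ORDER BY` column) handled with an allowlist. The table, column names and sample rows are constructed, and SQLite via Python's `sqlite3` module is an assumption chosen so the example runs offline.

```python
import sqlite3

# Columns a caller may sort by. Identifiers cannot be bound as parameters,
# so the only safe way to splice one into SQL text is from a fixed allowlist.
SORTABLE = {"name": "name", "created": "created"}


def make_db():
    """Constructed in-memory sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO users (name, created) VALUES (?, ?)",
        [("O'Brien", "2015-01-02"), ("Smith", "2015-01-01"), ("Adams", "2015-01-03")],
    )
    return conn


def find_concat(conn, name):
    """Anti-pattern: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]


def find_bound(conn, name):
    """Parameterized: the SQL text is constant, the value travels separately."""
    return [r[0] for r in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def list_users(conn, min_created, order_by):
    """Dynamic ORDER BY: identifier from the allowlist, value still bound."""
    if order_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT name FROM users WHERE created >= ? ORDER BY {SORTABLE[order_by]}"
    return [r[0] for r in conn.execute(sql, (min_created,))]


if __name__ == "__main__":
    db = make_db()
    print(find_bound(db, "O'Brien"))      # the quote is just data
    try:
        find_concat(db, "O'Brien")        # the quote changes the statement
    except sqlite3.OperationalError as exc:
        print("concatenated query broke:", exc)
    print(list_users(db, "2015-01-02", "name"))
```

An ordinary surname is enough to show that the concatenated statement's structure depends on its input, which is the property parameter binding removes.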