Y
Hacker News
new
|
ask
|
show
|
jobs
by
thow232329
1346 days ago
Just put the queries in procedures with parameters. Only store the procedure calls in your backend, disable arbitrary queries completely in your database permissions.