|
|
|
|
|
|
by sah
5151 days ago
|
|
|
"They don't exist, if you don't construct SQL queries by concatenating strings and variables." My point is, people still do this. You never hear about REST-injection or memcached-injection attacks, even though those are possible in principle, because those protocols don't encourage this mistake the way using SQL as a database API does. |
|
|