by Lockal
115 days ago
Parameterized queries have failed to protect against SQL injection for decades, because database engine developers fail to listen. What could work instead, if any parameter could be safely injected:

SELECT $1, $2($3) FROM $4
WHERE $5 $6 $7
GROUP BY $1
ORDER BY $8 $9

but at that point SQL loses its point and turns into MongoDB query language.
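The gap the comment points at, as an added example that is not the commenter's code: a bound parameter can only ever stand for a value, so a placeholder in an identifier or expression position (the `$4`, `$5 $6 $7` and `$8 $9` slots above) is either rejected or silently treated as a string constant, and developers fall back to pasting those pieces into the query text. The script below uses Python's standard `sqlite3` module on a constructed in-memory table (all names and rows are made up here) to show a value binding defeating a classic `' OR '1'='1` payload, `ORDER BY ?` doing no sorting at all, string-pasted `ORDER BY` turning into a condition oracle that leaks data through row order, and the usual mitigation, an allowlist of column names and sort directions that are the only things permitted into the SQL text.

```python
import sqlite3

# Constructed sample data for the example (not from the original comment).
ROWS = [(1, "alice", 30), (2, "bob", 25), (3, "carol", 41)]


def make_db():
    """In-memory SQLite database with a three-row users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT, age INTEGER)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return con


def find_by_name(con, name):
    """A value position: the ? placeholder binds data, never SQL syntax,
    so a quote in the input is matched literally and cannot change the query."""
    cur = con.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [r[0] for r in cur.fetchall()]


def order_by_bound_param(con, column):
    """ORDER BY ? does not error in SQLite, but the bound text is a constant,
    not a column reference: every row gets the same sort key, so no real
    sorting by that column takes place."""
    cur = con.execute("SELECT name FROM users ORDER BY ?", (column,))
    return [r[0] for r in cur.fetchall()]


def order_by_unsafe(con, column):
    """What code does instead: paste the identifier into the SQL text.
    Any expression the caller supplies is now parsed and executed as SQL."""
    cur = con.execute(f"SELECT name FROM users ORDER BY {column}")
    return [r[0] for r in cur.fetchall()]


# Attacker-controlled ORDER BY expression: the row order now reveals whether
# the subquery condition holds (here, whether the table has more than two rows).
ORACLE_EXPR = "CASE WHEN (SELECT count(*) FROM users) > 2 THEN age ELSE name END"

# Allowlist for the identifier slots: the only strings that may reach the SQL text.
ALLOWED_COLUMNS = {"id", "name", "age"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def sort_is_allowed(column, direction="ASC"):
    """True only for a known column name and a known sort direction."""
    return column in ALLOWED_COLUMNS and direction.upper() in ALLOWED_DIRECTIONS


def order_by_safe(con, column, direction="ASC"):
    """Identifier position handled by allowlisting; the column is double-quoted
    so it is always read as an identifier, and the direction is one of two keywords."""
    if not sort_is_allowed(column, direction):
        raise ValueError(f"unsupported sort: {column!r} {direction!r}")
    cur = con.execute(f'SELECT name FROM users ORDER BY "{column}" {direction.upper()}')
    return [r[0] for r in cur.fetchall()]


if __name__ == "__main__":
    con = make_db()
    print(find_by_name(con, "alice' OR '1'='1"))   # [] : the quote is just data
    print(order_by_bound_param(con, "age"))         # unsorted by age: 'age' was a constant
    print(order_by_unsafe(con, "age"))              # ['bob', 'alice', 'carol']
    print(order_by_unsafe(con, ORACLE_EXPR))        # ['bob', 'alice', 'carol']: condition held
    print(order_by_safe(con, "age", "desc"))        # ['carol', 'alice', 'bob']
    print(sort_is_allowed(ORACLE_EXPR))             # False: the oracle never reaches the SQL
```

The allowlist is the practical answer to the `$4`/`$8 $9` slots: the application decides up front which tables, columns and directions exist, and the query text is assembled only from those fixed strings, never from the request.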