by undoware
4711 days ago
This is a semantic quibble. Your point could be restated as, "if you're not filtering potentially dangerous data out of your SQL queries (i.e. you're not using a fixed vocabulary of properly-quoted phrases) then you are vulnerable to SQLi." Think of it this way: no matter how you slice it, there are Bad Things you need to keep out of your SQL, and an easy layperson term for doing so is 'filtering'. Recall that 'filter' != regexp.