by cm2187 4020 days ago
I would agree if we were talking about much more advanced technologies (like multi-threading or high performance code). But using cryptographic functions or parameterised queries are pretty basic skills. You don't expect every electrician to be able to fix a motherboard but you expect any electrician to know "domestic electrical installation 101".
1 comments

> parameterised queries are pretty basic skills.

You might be able to say that now, after much publicization and improved tooling. PHP/MySQL comes to mind as not even supporting parameterized queries up to somewhat recent history. Ensuring your queries were safe was entirely up to you. A lot of those old code bases still exist and are being exploited, but what evidence is there that people are still writing brand new projects that way?

That said, even in recent times I've run into edge cases that were not covered by parameterization, still leaving me to ensure the query is sane. It takes care to make sure you get it right. Maybe if you're just shuffling basic user input into a database you can make that claim, but not all tasks are so simple.

> You don't expect every electrician to be able to fix a motherboard but you expect any electrician to know "domestic electrical installation 101".

If you are writing web software you probably should know SQL and all of its shortcomings, but I wouldn't expect all programmers to know SQL, even at a basic level. There are countless programming tasks that will never have anything to do with relational databases.
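
An added example, not part of either comment above: the reply does not say which edge cases it means, so this assumes one well-known case, a caller-chosen sort column and direction, which cannot be bound as query parameters. The `users` table, its columns and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "admin", 3), ("bob", "user", 7), ("carol", "user", 1)]

# Placeholders bind values only. Identifiers and keywords cannot be bound,
# so they are picked from fixed allowlists, never copied from the request.
SORT_COLUMNS = {"name": "name", "logins": "logins"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT, logins INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def list_users(db, role, sort_by="name", direction="asc"):
    """Return the names of users with the given role, sorted as requested."""
    try:
        column = SORT_COLUMNS[sort_by]
        order = SORT_DIRECTIONS[str(direction).lower()]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    # Only allowlisted constants reach the SQL text; the role value is bound.
    sql = f"SELECT name FROM users WHERE role = ? ORDER BY {column} {order}"
    return [row[0] for row in db.execute(sql, (role,))]


def count_users(db):
    """Row count, used to confirm that rejected input changed nothing."""
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(list_users(db, "user", "logins", "desc"))
    try:
        list_users(db, "user", "logins; DROP TABLE users")
    except ValueError as exc:
        print("rejected:", exc)
    print(count_users(db), "rows remain")
```

The bound `role` value is treated as data whatever it contains, while the sort options are rejected unless they match an allowlist key exactly.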