Timeline for SQL sanitizing in code with no user input
Current License: CC BY-SA 4.0
6 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Mar 10, 2023 at 7:55 | comment added | Pieter B | | I think whether or not one should use an ORM is outside the scope of this answer. |
| Mar 8, 2023 at 12:58 | comment added | stoj | | @Nelson It might be perspective but I have always felt that ORMs were a disaster. Using parameters is a no-brainer but an ORM is more situational. |
| Mar 8, 2023 at 12:19 | comment added | Klaws | | It's risky if the data is skewed. Check my comment in response to Matthieu M.'s comment. |
| Mar 8, 2023 at 0:43 | comment added | Nelson | | Skipping an ORM should only be done for prototypes or something that is actually temporary. The long-term consequence of not having an ORM is always a disaster. |
| Mar 7, 2023 at 17:59 | comment added | Greg Burghardt | | This is a benefit that people often overlook. I was about to comment on JonasH's answer about this, until I read your answer. Especially since parameterized queries are pretty easy to write. Most database libraries and ORMs support this intuitively. |
| Mar 7, 2023 at 12:23 | history answered | Pieter B | CC BY-SA 4.0 | |
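Added example (not code from the answer or from any of the commenters above) illustrating the point Greg Burghardt's comment makes: parameterized queries cost almost nothing to write, and they pay off even when no attacker is typing into the query, because ordinary data with quotes in it breaks a concatenated query just as surely as an injection string does. The table, the rows and the names are constructed for the demonstration; SQLite is used only because it ships with Python and runs in memory.

```python
"""Added example: why parameterized queries pay off even when no attacker
is typing into the query.  Not code from the answer or comments above;
the table, rows and names are constructed for the demonstration."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a few constructed rows.
    The inserts are themselves parameterized, so the apostrophe in
    O'Brien is stored correctly without any manual escaping."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    conn.commit()
    return conn


def find_by_name_concat(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable form: the value is spliced into the SQL text, so the
    database parser sees whatever quotes or operators it contains."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list[str]:
    """Safe form: the SQL text is fixed and the value travels separately,
    so it is only ever compared, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def concat_breaks_on(conn: sqlite3.Connection, name: str) -> bool:
    """True if the concatenated query cannot even be parsed for this value,
    e.g. a perfectly legitimate name containing an apostrophe."""
    try:
        find_by_name_concat(conn, name)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print(find_by_name_concat(db, "alice"))          # ['alice']
    print(find_by_name_concat(db, "x' OR '1'='1"))   # all three names: the tautology rewrote the WHERE clause
    print(find_by_name_param(db, "x' OR '1'='1"))    # []: compared as a literal string, matches nothing
    print(concat_breaks_on(db, "O'Brien"))           # True: ordinary data breaks the concatenated query
    print(find_by_name_param(db, "O'Brien"))         # ["O'Brien"]
```

The last two calls are the "no user input" case from the question title: nobody is attacking, the name simply came from another table or a data file, and the concatenated version raises a syntax error while the parameterized one just works. That is the benefit the comment above refers to, independent of whether an ORM sits in between.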