
asadeddin | 1 year ago

I agree. It would be nice if most SQL APIs were secure by default to prevent SQLI. It's really something that the db connectors in the programming languages should handle with more grace, like most ORMs today handle them pretty well.

I believe it largely is due to how SQL is designed to allow multiple queries to be concatenated with each other, and poor logic design when writing such queries.


jeltz | 1 year ago

SQL is not designed to allow multiple queries to be concatenated. That is a feature of certain databases, not SQL itself.
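
An added example, not part of either comment above: with Python's standard `sqlite3` connector, string concatenation is injectable even though `execute()` refuses more than one statement per call, while a bound parameter is treated purely as data. The table, the function names and the input strings are constructed for illustration.

```python
import sqlite3

# Constructed inputs for this example.
BOOLEAN_INPUT = "x' OR '1'='1"
STACKED_INPUT = "x'; SELECT 2; --"

def make_db():
    # In-memory database with constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, name):
    # Vulnerable pattern: the input becomes part of the SQL text,
    # so a quote in it changes the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Hardened pattern: the SQL text is fixed and the value is bound
    # separately, so it can only ever be compared as a string.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def stacked_rejected(db, name):
    # sqlite3's execute() accepts a single statement; a second one
    # raises (Warning on older Pythons, ProgrammingError on newer).
    try:
        lookup_concat(db, name)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print("concat, boolean input:", sorted(lookup_concat(db, BOOLEAN_INPUT)))
    print("bound,  boolean input:", lookup_bound(db, BOOLEAN_INPUT))
    print("stacked input rejected by connector:",
          stacked_rejected(db, STACKED_INPUT))
```

The single-statement limit is a property of this connector's `execute()` call, and the concatenated query is still injectable within that one statement; only the bound form closes the hole.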