WP-A: A New URL Shortener
Chris Angelico
rosuav at gmail.com
Thu Mar 17 19:24:11 EDT 2016
On Fri, Mar 18, 2016 at 10:17 AM, Thomas 'PointedEars' Lahn
<PointedEars at web.de> wrote:
> Daniel Wilcox wrote:
>
>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>> injections.
>
> That is to crack a nut with a sledgehammer. SQL injection can be easily and
> more efficiently prevented with prepared statements. While an Object-
> Relational Mapper (ORM) can use those, and there are benefits to using an
> ORM, avoiding SQL injection should not be the primary reason to use an ORM.
> In fact, using an ORM is often not only overkill, but effectively *reduces*
> application performance.
You don't even need prepared statements. All you need is parameterized queries.
ChrisA
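To make the distinction in this exchange concrete, here is an added example (not code from the thread) using Python's standard sqlite3 DB-API module: a lookup built by string interpolation next to the same lookup done with a bound parameter. The table and the input values are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a1"), ("bob", "b2")])
    return conn


def lookup_unsafe(conn, name):
    """String interpolation: the input is spliced into the SQL text itself,
    so any quote in it is parsed as SQL (a bug even for honest input)."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Parameterized query: the SQL text is fixed and `name` is bound as a
    value by the driver, so it can only ever be compared, never executed."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]
```

No ORM or explicit prepare step is involved; the `?` placeholder with a parameter tuple is all the DB-API needs to keep data out of the statement text.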