WP-A: A New URL Shortener

Thomas 'PointedEars' Lahn PointedEars at web.de
Sat Mar 19 10:00:28 EDT 2016


Chris Angelico wrote:

> On Fri, Mar 18, 2016 at 10:17 AM, Thomas 'PointedEars' Lahn
> <PointedEars at web.de> wrote:
>> Daniel Wilcox wrote:
>>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>>> injections.
>>
>> That is to crack a nut with a sledgehammer.  SQL injection can be easily
>> and more efficiently prevented with prepared statements.  While an
>> Object-Relational Mapper (ORM) can use those, and there are benefits to
>> using an ORM, avoiding SQL injection should not be the primary reason to
>> use an ORM. In fact, using an ORM is often not only overkill, but
>> effectively *reduces* application performance.
> 
> You don't even need prepared statements. All you need is parameterized
> queries.

A prepared statement in this context uses a parameterized query.

<https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29>

-- 
PointedEars

Twitter: @PointedEars2
Please do not cc me. / Bitte keine Kopien per E-Mail.
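The point made above, as an added example that is not from the thread: in Python's DB-API the `?` placeholder of `sqlite3` is a parameterized query (the module also keeps a statement cache, so repeated queries are effectively prepared). The table, slugs and URLs below are constructed to mimic the URL-shortener setting of this thread; a slug containing an apostrophe shows that the string-formatted query hands user input to the SQL parser while the parameterized one always treats it as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory slug store standing in for a URL shortener's table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (slug TEXT PRIMARY KEY, target TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO urls VALUES (?, ?)",
        [("py", "https://www.python.org/"), ("o'r", "https://example.org/quote")],
    )
    return conn


def lookup_unsafe(conn, slug):
    # Vulnerable form: the slug becomes part of the SQL text, so any quote
    # or SQL syntax inside it is parsed as SQL rather than compared as data.
    query = "SELECT target FROM urls WHERE slug = '%s'" % slug
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def lookup_parameterized(conn, slug):
    # Hardened form: the driver binds the value to the placeholder after the
    # statement is compiled, so the slug can never change the query's shape.
    row = conn.execute("SELECT target FROM urls WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else None


def demo():
    # Returns what each lookup does with a plain slug and with one containing "'".
    conn = make_db()
    results = {
        "parameterized_plain": lookup_parameterized(conn, "py"),
        "parameterized_quote": lookup_parameterized(conn, "o'r"),
    }
    try:
        results["unsafe_quote"] = lookup_unsafe(conn, "o'r")
    except sqlite3.OperationalError:
        # The apostrophe terminated the string literal: a syntax error here
        # is the same mechanism an attacker would use to alter the query.
        results["unsafe_quote"] = "OperationalError"
    return results


if __name__ == "__main__":
    print(demo())
```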