WP-A: A New URL Shortener

Thomas 'PointedEars' Lahn PointedEars at web.de
Fri Mar 25 17:28:38 EDT 2016


Chris Angelico wrote:

> […] Thomas 'PointedEars' Lahn […] wrote:
>> Chris Angelico wrote:
>>> […] Thomas 'PointedEars' Lahn […] wrote:
>>>> Daniel Wilcox wrote:
>>>>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>>>>> injections.
>>>> That is to crack a nut with a sledgehammer.  SQL injection can be
>>>> easily and more efficiently prevented with prepared statements.  […]
>>> You don't even need prepared statements. All you need is parameterized
>>> queries.
>> A prepared statement in this context uses a parameterized query.
>>
>> <https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29>
> 
> I know what a prepared statement is. And I know that they are
> effective. However they are overkill - as I said, you merely need
> parameterization.

Then enlighten me, please: How is “parameterization” or a “parameterized 
query”, as *you* understand it, different from a prepared statement?

-- 
PointedEars

Twitter: @PointedEars2
Please do not cc me. / Bitte keine Kopien per E-Mail.
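The distinction the thread argues over, shown as an added example that is not code from any of the participants: a lookup built by string formatting beside the same lookup using DB-API parameter binding in Python's sqlite3 module, run against a constructed in-memory table (table name, columns and rows are all made up for the demonstration).

```python
import sqlite3

# Constructed sample rows for the demonstration; not data from the thread.
ROWS = [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, name):
    # String formatting: the caller-supplied value becomes part of the SQL
    # text, so quote characters inside it change the statement's structure.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # Parameter binding: the SQL text is fixed and the value is passed
    # separately. The driver compiles the statement and binds the value;
    # the caller never issues an explicit "prepare" step, which is the
    # point at which "parameterized query" and "prepared statement" are
    # usually conflated.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both lookups with a quote-bearing input and a normal one."""
    conn = make_db()
    quoted_input = "x' OR 'a'='a"
    return {
        "vulnerable": lookup_vulnerable(conn, quoted_input),
        "parameterized": lookup_parameterized(conn, quoted_input),
        "normal": lookup_parameterized(conn, "alice"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

With the quote-bearing input the formatted query matches every row, while the bound parameter is compared literally and matches none.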


