this post was submitted on 04 Apr 2024
969 points (97.5% liked)

Programmer Humor

[–] trxxruraxvr@lemmy.world 10 points 7 months ago (1 children)

> Every modern database library automatically protects against SQL injection,

No. Every modern library allows using prepared statements, but very few (if any) force using them. If the developer doesn't use them, the libraries won't do shit to protect you.

[–] dan@upvote.au -1 points 7 months ago* (last edited 7 months ago) (1 children)

What I meant is that not many people write raw SQL in product code any more, other than for analytical purposes (which are often in a system like Apache Airflow rather than in product code). ORM systems have mostly taken over except for cases where you really need raw SQL for whatever reason.

[–] psud@aussie.zone 2 points 7 months ago

Practically every dev learnt SQL, and it's really easy to put hand-crafted SQL in code, so it's an easy mistake to make.