Or maybe introduce them to Little Bobby Tables - eviltoast

(Skeletor is leading by example by adding that unnecessary apostrophe…)

  • hakunawazo@lemmy.world
    8 months ago

    No serious software would fall for such an easy attack anymore. With prepared statements it’s impossible to break queries like that. Besides that, one principle is to avoid using user inputs directly in your database.
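The difference the comment above points at, shown as an added example that is not part of the thread: the same Bobby Tables style input inserted once by string concatenation and once through a bound parameter. The `students` table, the function names and the sample input are constructed for illustration, and `executescript()` stands in for a driver that permits stacked statements.

```python
import sqlite3

# Constructed input in the style of the "Little Bobby Tables" joke.
BOBBY = "Robert'); DROP TABLE students;--"

def fresh_db():
    """In-memory database with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students VALUES ('Alice')")
    return db

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='students'"
    ).fetchone()
    return row[0] == 1

def insert_concatenated(db, name):
    """Vulnerable: the input becomes part of the SQL text itself."""
    # executescript() runs every statement in the string, like a driver
    # that permits stacked queries.
    db.executescript("INSERT INTO students (name) VALUES ('" + name + "');")

def insert_parameterized(db, name):
    """Hardened: the SQL text is fixed and the input is bound as a value."""
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))

def run_demo():
    unsafe = fresh_db()
    insert_concatenated(unsafe, BOBBY)
    safe = fresh_db()
    insert_parameterized(safe, BOBBY)
    names = [r[0] for r in safe.execute("SELECT name FROM students ORDER BY rowid")]
    return table_exists(unsafe), table_exists(safe), names

if __name__ == "__main__":
    print(run_demo())
```

In the parameterized case the quote and semicolon arrive as data, so the whole string is stored as a name and the table is untouched.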