Hilarious Rant about SQL Injection

My recent article about SQL injection has stirred some serious emotions on JCG. I don’t want to keep it from you! An extract:

[…] The idea that if I use an ORM, my SQL injection woes will magically go away is f***ing harmful, shortsighted, and anybody who thinks that should be kicked squarely in a sensitive region. […]

And if you’ve survived that kick…

[…] Since there is no SQL statement, things like “‘a’; TRUNCATE your_mom” get stored/selected from as exactly that […]

And if your mom has survived truncation, too:

[…] ORM still won’t save you. Validate your god-d*** f***ing inputs, jack-a**.

So please, sanitise your code, or the angry man will come and get you!! :)
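The mechanism the rant describes, as an added example that is not from the original post or its commenter: an ORM-style parameterised insert stores a hostile string verbatim (correctly, as data), and the damage only happens when that stored value is later concatenated into a second query. The payload, table names and the allowlist validator below are constructed for the demonstration; sqlite3 is used because it runs in-process.

```python
import re
import sqlite3

# Constructed payload, analogous to the rant's "'a'; TRUNCATE ..." example
# (sqlite3's execute() refuses stacked statements, so a tautology stands in).
STORED_NAME = "a' OR '1'='1"

NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")  # assumed allowlist for a user name


def is_valid_name(name):
    # "Validate your inputs": reject anything outside the expected alphabet
    return NAME_RE.fullmatch(name) is not None


def setup_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    con.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    # Bound parameter, as an ORM would do it: the string is stored exactly as given.
    con.execute("INSERT INTO users (name) VALUES (?)", (STORED_NAME,))
    con.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice's private note"), ("bob", "bob's private note")],
    )
    return con


def stored_value(con, user_id):
    # Shows the value survived storage unchanged; no injection happened on INSERT.
    return con.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]


def notes_for_user_unsafe(con, user_id):
    # Second-order injection: the trusted-looking database value is concatenated
    # into SQL, so the tautology leaks every owner's notes.
    name = stored_value(con, user_id)
    sql = f"SELECT body FROM notes WHERE owner = '{name}'"
    return [row[0] for row in con.execute(sql)]


def notes_for_user_safe(con, user_id):
    # Same lookup with a bound parameter: the stored string is compared as data.
    name = stored_value(con, user_id)
    rows = con.execute("SELECT body FROM notes WHERE owner = ?", (name,))
    return [row[0] for row in rows]
```

Run `notes_for_user_unsafe` and `notes_for_user_safe` against `setup_db()` for user 1 to see the first return both users' notes and the second return none.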
