this post was submitted on 04 Apr 2024
970 points (97.5% liked)
Programmer Humor
19557 readers
676 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Every modern database library automatically protects against SQL injection, usually by using prepared statements (where the query with placeholders, and the placeholder values, are sent as two separate things). so a system would have to be written extremely poorly to be vulnerable to it.
This post is just a joke as developers should hopefully be aware of the OWASP top 10 security vulnerabilities.
Edit: Bad developers will do bad things, but any reasonable developer should be well aware of these risks.
Well no. If the programmer uses prepared statements, they are protected. If they use a prepared statement but actually just put their own unsanitized statement in there and execute it, it's not protected.
Now, I'd like to say it is 2024 and everyone should be using AT LEAST prepared statements for security. I've seen people doing some scary things in my time, and that includes quite recently.
Bad developers will do bad things, but most DB framework documentation points people towards the right way to do things, which is why I said it's not common any more.
Bad developers are common though. And good documentation won't stop a bad developer from doing a bad thing.
I agree that SQLi isn't as common as it once was, but it still very much exists.