this post was submitted on 04 Apr 2024
972 points (97.5% liked)

Programmer Humor

19548 readers
1021 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 7 months ago (1 children)

Every modern database library automatically protects against SQL injection,

No. Every modern library allows using prepared statements, but very few (of any) force using them. If the developer doesn't use them the libraries won't do shit to protect you.

[–] [email protected] -1 points 7 months ago* (last edited 7 months ago) (1 children)

What I meant is that not many people write raw SQL in product code any more, other than for analytical purposes (which are often in a system like Apache Airflow rather than in product code). ORM systems have mostly taken over except for cases where you really need raw SQL for whatever reason.

[–] [email protected] 2 points 7 months ago

Practically every dev learnt SQL and it's really easy to put hands crafted SQL in code so it's an easy mistake to make