[Haskell-cafe] Re: Interesting new user perspective

Andrew Coppin andrewcoppin at btinternet.com
Sat Oct 11 17:56:32 EDT 2008

Svein Ove Aas wrote:
> On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett <iainspeed at gmail.com> wrote:
>> Personally, I use stored procedures with a database as they protect from sql
>> injection attacks (unless you write some really stupid procedures).
> Isn't this what parametrized queries are for?

Yes. (And it also improves DB performance since it doesn't have to 
continually reparse the query and rebuild the query plan.)

Now consider dynamically constructing HTML and avoiding HTML injection 
attacks. There isn't an easy machine fix for that one.

More information about the Haskell-Cafe mailing list