[Haskell-cafe] Re: Interesting new user perspective
Andrew Coppin
andrewcoppin at btinternet.com
Sat Oct 11 17:56:32 EDT 2008
Svein Ove Aas wrote:
> On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett <iainspeed at gmail.com> wrote:
>
>> Personally, I use stored procedures with a database as they protect from sql
>> injection attacks (unless you write some really stupid procedures).
>>
>>
> Isn't this what parametrized queries are for?
>
Yes. (And it also improves DB performance since it doesn't have to
continually reparse the query and rebuild the query plan.)
Now consider dynamically constructing HTML and avoiding HTML injection
attacks. There isn't an easy machine fix for that one.
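The two points in the reply above, shown side by side as an added example (not code from the thread or from any poster; Python's sqlite3 and html modules stand in for whatever database and templating stack a reader uses; the table contents and the two inputs are constructed for the demonstration):

```python
import sqlite3
import html


def build_db():
    # Constructed sample table for the demo (not from the mailing list thread).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, name):
    # VULNERABLE: the caller's string is spliced into the SQL text, so the
    # parser treats any quote or operator inside it as part of the statement.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parametrized(conn, name):
    # SAFE: the statement text is fixed and parsed once; the value is bound
    # separately as data and cannot alter the statement's structure. The
    # engine can also cache the plan, which is the performance point above.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def run_demo():
    # Runs both lookups on two constructed inputs and returns the outcomes
    # so the difference can be inspected (and asserted on) rather than printed.
    conn = build_db()
    crafted = "x' OR '1'='1"  # constructed: a stray quote plus a tautology
    apostrophe = "O'Brien"    # constructed: a legitimate name containing a quote
    results = {
        "concat_crafted": lookup_concatenated(conn, crafted),   # every row
        "param_crafted": lookup_parametrized(conn, crafted),    # no rows
        "param_apostrophe": lookup_parametrized(conn, apostrophe),  # one row
    }
    try:
        results["concat_apostrophe"] = lookup_concatenated(conn, apostrophe)
    except sqlite3.Error as err:
        # The honest input with an apostrophe breaks the concatenated query.
        results["concat_apostrophe"] = "error: " + str(err)
    return results


def render_text_node(value):
    # HTML text context: escaping &, <, > (and quotes) is sufficient here.
    return "<p>" + html.escape(value, quote=True) + "</p>"


def render_attribute(value):
    # Quoted attribute context: the same escaper happens to suffice only
    # because the attribute is quoted. An unquoted attribute, a URL, or a
    # script block each need a different rule, and nothing in the HTML
    # itself tells the program which context it is in. That is the gap the
    # reply above points at: there is no single binding step like "?" in SQL.
    return '<input value="' + html.escape(value, quote=True) + '">'


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
    print(render_text_node("<b>x</b>"))
    print(render_attribute('a" b'))
```

The SQL half works because the database protocol separates statement from data before parsing; the HTML half only works when the program already knows which of several escaping contexts the string will land in, which is why escaping has to be applied per output site rather than once at the boundary.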