Programmer Humor

19187 readers

1136 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 1 year ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

955

Life Hack (lemm.ee)

submitted 5 months ago by sag@lemm.ee to c/programmer_humor@programming.dev

127 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] r00ty@kbin.life 10 points 5 months ago (1 children)

Well no. If the programmer uses prepared statements, they are protected. If they use a prepared statement but actually just put their own unsanitized statement in there and execute it, it's not protected.

Now, I'd like to say it is 2024 and everyone should be using AT LEAST prepared statements for security. I've seen people doing some scary things in my time, and that includes quite recently.

[–] dan@upvote.au 1 points 5 months ago (1 children)

Bad developers will do bad things, but most DB framework documentation points people towards the right way to do things, which is why I said it's not common any more.

[–] DrJenkem@lemmy.blugatch.tube 6 points 5 months ago

Bad developers are common though. And good documentation won't stop a bad developer from doing a bad thing.

I agree that SQLi isn't as common as it once was, but it still very much exists.