Please stop making software that’s vulnerable to SQL injection attacks. It’s 2024. Learn about parameterized queries. Please.

Please.

@aurynn I find it amazing it keeps occurring. I remember using parameters 20 years ago in PERL and VB6. It's not even new. It wasn't that long ago I caught a 'professional' allowing a varchar param to be appended to a query exec'ed in a sproc runnable by anyone, so they could build where clauses in their UI. It was only the database that ran a massive manufacturing plant.
@LeeRyman How are we failing people so badly by not teaching this?
@aurynn @LeeRyman maybe part of the problem is people now go to uni to study computer science, which however is not programming, and that people who "only" have finished a vocational school programme (but learnt programming) are seen as lesser

@mirabilos @aurynn Don't get me started on ranting about why hiring managers and unis keep pushing CompSci vs SWEng. :)

Each has its distinct skill trees / target careers, but that seems commonly misunderstood.

@LeeRyman @aurynn there’s not even SWEng at unis here…