I am 100% sure that none of the code I’ve written in the past 20 years interpolates user input into SQL. There is absolutely no excuse for this, and there hasn’t been for a very long time. Prepared statements have been a thing for longer than half the users of this website have been alive.

Remember Bobby Tables? That was 2007.
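The contrast the comment draws, user input spliced into the SQL text versus a prepared (parameterised) statement, as an added example that is not part of the thread. It uses Python's standard-library `sqlite3` module with a constructed in-memory `users` table; the function names and sample rows are assumptions made for the demonstration. The interpolated version lets a quote in the input change the query's structure, while the parameterised version hands the driver the same string as a plain value.

```python
import sqlite3

# Constructed sample data for the demonstration (not taken from the thread).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    # executemany with '?' placeholders is itself a parameterised insert.
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_interpolated(conn: sqlite3.Connection, name: str) -> list[str]:
    """The pattern the comment condemns: the caller's string is pasted into
    the SQL text, so any quote character in it is parsed as SQL syntax."""
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_prepared(conn: sqlite3.Connection, name: str) -> list[str]:
    """Prepared statement: the SQL text is fixed and `name` travels as a bound
    value, so the database never parses its contents as SQL."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(conn: sqlite3.Connection, name: str) -> tuple[int, int]:
    """Return (rows from interpolated query, rows from prepared query) for one
    input, so the two behaviours can be compared side by side."""
    return len(lookup_interpolated(conn, name)), len(lookup_prepared(conn, name))


if __name__ == "__main__":
    db = make_db()
    # A benign name behaves the same either way.
    print("alice:", compare(db, "alice"))
    # A constructed input containing a quote: the interpolated query's WHERE
    # clause becomes `name = 'x' OR 'a'='a'` and matches every row, while the
    # prepared query simply looks for a user literally named that string.
    print("quoted input:", compare(db, "x' OR 'a'='a"))
```

A review or a grep for f-strings, `%` formatting or `+` concatenation feeding `execute()` catches the first pattern; the second is what a linter or code review should expect to see everywhere a query takes external input.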



This seems like hubris, although you might be correct. Is there a repository of your code that we could download and run checks on?



