Metaprogramming

David Hopwood <>
Thu Aug 24 23:09:21 CEST 2006


Yariv Sadan wrote:
>>
>> But unlike Vlad's version, that's vulnerable to SQL injection attacks.
> 
> This particular statement actually isn't vulnerable because it's
> entirely generated by the programmer. In a "real" example, though, you
> should be careful to escape all your strings :)

The fact that "not real" examples tend to handwave away the need for
escaping is one reason why injection vulnerabilities are so common.

-- 
David Hopwood <>
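An added illustration of the point in this exchange, not code from the thread and written in Python with sqlite3 rather than Erlang (the table, rows, column names and function names are constructed for the example): the spliced-together query is fine as long as every piece is a literal the programmer chose, breaks as soon as real data containing a quote reaches it, and is replaced by a version that binds data as a parameter and allow-lists the identifier.

```python
import sqlite3

# Constructed sample rows; the second name contains the quote character
# that a hand-waved "just escape your strings" example never exercises.
ROWS = [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")]

def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def build_query_unsafe(column, value):
    """The "not real" version: column and value spliced into the SQL text.
    Harmless only while both arguments are literals chosen by the programmer."""
    return "SELECT email FROM users WHERE %s = '%s'" % (column, value)

def lookup_unsafe(conn, column, value):
    return [row[0] for row in conn.execute(build_query_unsafe(column, value))]

ALLOWED_COLUMNS = {"name", "email"}

def lookup_safe(conn, column, value):
    """Hardened version: the identifier comes from an allow-list and the
    data travels as a bound parameter, so the driver does the quoting."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column: %r" % column)
    sql = 'SELECT email FROM users WHERE "%s" = ?' % column
    return [row[0] for row in conn.execute(sql, (value,))]

def demo():
    """Run both versions against programmer-chosen and real-looking input."""
    conn = setup_db()
    results = {}
    # Literal inputs: the spliced query "works", which is what the toy example shows.
    results["unsafe_literal"] = lookup_unsafe(conn, "name", "alice")
    # Real data with a quote: the spliced query is no longer valid SQL.
    try:
        lookup_unsafe(conn, "name", "O'Brien")
        results["unsafe_quote"] = "no error"
    except sqlite3.OperationalError:
        results["unsafe_quote"] = "syntax error"
    # Bound parameter: the quote is just part of the value being matched.
    results["safe_quote"] = lookup_safe(conn, "name", "O'Brien")
    return results

if __name__ == "__main__":
    print(demo())
```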