jagged-chisel
8mo ago
Doing your own escaping is digital whack-a-mole. Let the experts who wrote the prepared statement interface handle it. The knowledge of a team and/or years of experience compressed into an interface that’s trivial to use.
ameliaquining
8mo ago
Parameterized statements don't actually abstract over escaping; they entirely obviate the need for it, by moving the untrusted data out of band.
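The difference both comments above are getting at, shown as an added example (not code from the thread): a constructed in-memory SQLite table, a string-built query, a hand-escaped variant, and a parameterized one, each given a perfectly legitimate value containing a quote.

```python
import sqlite3

# Constructed sample data for the demo; not from the thread.
SAMPLE_NAMES = [("alice",), ("O'Brien",)]


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", SAMPLE_NAMES)
    return conn


def lookup_concat(conn, name):
    """String-built query: the value is spliced into SQL text, so the
    parser sees the user's quote character as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError as exc:
        return f"SQL error: {exc}"


def lookup_escaped(conn, name):
    """Hand-rolled escaping: doubling single quotes is the rule for a
    single-quoted SQLite string literal, and only for that one context.
    Every other context (identifiers, LIKE patterns, other dialects)
    needs its own rule, which is the whack-a-mole the OP describes."""
    sql = "SELECT name FROM users WHERE name = '" + name.replace("'", "''") + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Parameterized query: the SQL text is fixed and the value is handed
    to the engine separately, so it is never parsed as SQL at all."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_escaped, lookup_param):
        print(fn.__name__, "->", fn(db, "O'Brien"))
```

Only the parameterized lookup needs no knowledge of the quoting rules; the value reaches the engine out of band, exactly as the reply says.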
jagged-chisel
OP
8mo ago
It’s the safest interface to your database query engine no matter how it does the job. That’s what matters.