Other Approaches
- Some languages such as Perl and Ruby opt for an approach involving data tainting, where data from untrusted sources, such as user input, are considered "tainted" and can not be used for dangerous operations until explicitly marked as trustworthy, usually after validation and/or encoding. Since the construction of SQL queries is considered "dangerous" in this context, this forces the programmer to address the problem. Tainting does not solve the problem, but it does highlight those instances where there is a problem so that the programmer is able to solve them appropriately.
- Joel Spolsky has suggested using a form of Hungarian notation that indicates whether data are safe or unsafe.
- Modern database engines and libraries use parameterised queries to pass data to the database separately from SQL commands, greatly reducing the need to escape data before constructing the queries.
Read more about this topic: Magic Quotes
Famous quotes containing the word approaches:
“No one ever approaches perfection except by stealth, and unknown to themselves.”
—William Hazlitt (17781830)
“The Oriental philosophy approaches easily loftier themes than the modern aspires to; and no wonder if it sometimes prattle about them. It only assigns their due rank respectively to Action and Contemplation, or rather does full justice to the latter. Western philosophers have not conceived of the significance of Contemplation in their sense.”
—Henry David Thoreau (18171862)
Related Phrases
Related Words