Other Approaches
- Some languages such as Perl and Ruby opt for an approach involving data tainting, where data from untrusted sources, such as user input, are considered "tainted" and can not be used for dangerous operations until explicitly marked as trustworthy, usually after validation and/or encoding. Since the construction of SQL queries is considered "dangerous" in this context, this forces the programmer to address the problem. Tainting does not solve the problem, but it does highlight those instances where there is a problem so that the programmer is able to solve them appropriately.
- Joel Spolsky has suggested using a form of Hungarian notation that indicates whether data are safe or unsafe.
- Modern database engines and libraries use parameterised queries to pass data to the database separately from SQL commands, greatly reducing the need to escape data before constructing the queries.
Read more about this topic: Magic Quotes
Famous quotes containing the word approaches:
“If I commit suicide, it will not be to destroy myself but to put myself back together again. Suicide will be for me only one means of violently reconquering myself, of brutally invading my being, of anticipating the unpredictable approaches of God. By suicide, I reintroduce my design in nature, I shall for the first time give things the shape of my will.”
—Antonin Artaud (1896–1948)
“Someone approaches to say his life is ruined
and to fall down at your feet
and pound his head upon the sidewalk.”
—David Ignatow (b. 1914)
Related Phrases
Related Words