Other Approaches
- Some languages such as Perl and Ruby opt for an approach involving data tainting, where data from untrusted sources, such as user input, are considered "tainted" and can not be used for dangerous operations until explicitly marked as trustworthy, usually after validation and/or encoding. Since the construction of SQL queries is considered "dangerous" in this context, this forces the programmer to address the problem. Tainting does not solve the problem, but it does highlight those instances where there is a problem so that the programmer is able to solve them appropriately.
- Joel Spolsky has suggested using a form of Hungarian notation that indicates whether data are safe or unsafe.
- Modern database engines and libraries use parameterised queries to pass data to the database separately from SQL commands, greatly reducing the need to escape data before constructing the queries.
Read more about this topic: Magic Quotes
Famous quotes containing the word approaches:
“No one ever approaches perfection except by stealth, and unknown to themselves.”
—William Hazlitt (1778–1830)
“I should say that the most prominent scientific men of our country, and perhaps of this age, are either serving the arts and not pure science, or are performing faithful but quite subordinate labors in particular departments. They make no steady and systematic approaches to the central fact.... There is wanting constant and accurate observation with enough of theory to direct and discipline it. But, above all, there is wanting genius.”
—Henry David Thoreau (1817–1862)
Related Phrases
Related Words