kirby,
@kirby@lab.nyanide.com avatar

sql query sanitization is boring i just want data to dataing

theorytoe,
@theorytoe@ak.kyaruc.moe avatar

@kirby
>sql query sanitization is boring
what u working on

icedquinn,
@icedquinn@blob.cat avatar

@theorytoe @kirby is this still even a thing? everything i've used post-PHP has some form of prepared statement api where you just put ?'s in the query and pass the data as a sidecar

kirby,
@kirby@lab.nyanide.com avatar

@icedquinn @theorytoe yea i noticed the ? thing. it does sanitization for you right? new to sql so treat me kindly i guess

theorytoe,
@theorytoe@ak.kyaruc.moe avatar

@kirby @icedquinn if you are using any decently maintained library it should handle that

kirby,
@kirby@lab.nyanide.com avatar

@theorytoe @icedquinn using python sqlite3 for now. that will work fine with ?s and all that so i dont really have to do any manual sanitization, i guess?

icedquinn,
@icedquinn@blob.cat avatar

@kirby @theorytoe i use sqlalchemy on python it definitely does this

icedquinn,
@icedquinn@blob.cat avatar

@kirby @theorytoe yes there are apis where you put in ? instead of the value, and then provide the value separately. i think postgres even has a specific protocol for this on the wire where the values don't even go in the query string, idk if mysql does
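
An added example, not part of the thread: Python's sqlite3 module with a string-built query next to the `?` placeholder form discussed above, run against the same hostile input. The table, rows and function names are constructed for illustration. It goes one step past the thread by allowlisting the sort column, since placeholders bind values only and cannot stand in for identifiers.

```python
import sqlite3

# Placeholders bind values only; column names must be checked against a fixed set.
ALLOWED_SORT = {"id", "name"}

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return db

def find_concat(db, name):
    """The 'before': the value is pasted into the SQL text and parsed as SQL."""
    query = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()

def find_bound(db, name, sort="id"):
    """The value travels beside the query as a bound parameter, never as SQL text."""
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort!r}")
    query = f"SELECT name, secret FROM users WHERE name = ? ORDER BY {sort}"
    return db.execute(query, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated:", find_concat(db, hostile))  # WHERE clause rewritten
    print("bound:       ", find_bound(db, hostile))   # compared as a literal string
    print("bound, alice:", find_bound(db, "alice"))
```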
