Other Approaches
- Some languages such as Perl and Ruby opt for an approach involving data tainting, where data from untrusted sources, such as user input, are considered "tainted" and can not be used for dangerous operations until explicitly marked as trustworthy, usually after validation and/or encoding. Since the construction of SQL queries is considered "dangerous" in this context, this forces the programmer to address the problem. Tainting does not solve the problem, but it does highlight those instances where there is a problem so that the programmer is able to solve them appropriately.
- Joel Spolsky has suggested using a form of Hungarian notation that indicates whether data are safe or unsafe.
- Modern database engines and libraries use parameterised queries to pass data to the database separately from SQL commands, greatly reducing the need to escape data before constructing the queries.
Read more about this topic: Magic Quotes
Famous quotes containing the word approaches:
“Perfect happiness I believe was never intended by the deity to be the lot of any one of his creatures in this world; but that he has very much put in our power the nearness of our approaches to it, is what I steadfastly believe.”
—Thomas Jefferson (1743–1826)
“The closer a man approaches tragedy the more intense is his concentration of emotion upon the fixed point of his commitment, which is to say the closer he approaches what in life we call fanaticism.”
—Arthur Miller (b. 1915)
Related Phrases
Related Words