On Feb 3, 2010, at 6:16 PM, Robert Haas wrote:
>> Any web framework that interpolates user supplied values into SQL rather
>> than using placeholders is broken from the get go, IMNSHO. I'm not saying
>> that there aren't reasons to hold up moving to SCS, but this isn't one of
>> them.
>
> That seems more than slightly harsh. I've certainly come across
> situations where interpolating values (with proper quoting of course)
> made more sense than using placeholders. YMMV, of course.
Not if it leads to Little Bobby Tables's door when, you know, you use SQL conformant strings! Sounds like an app that
needsits quoting function fixed.
Best,
David