I agree that security shouldn't be a last-minute thought, but those are terrible examples!
If you're prototyping, think at a higher level, and prototype with native language objects, or if you need to use a DB, use an ORM. Writing raw SQL is only fast the first time, and then you're no better than assembly-coding your database.
For string encoding, just take out non-alphanumeric characters, unless you're dealing specifically with non-English, and then expand your target audience once you can do it safely. Most blogs, for example, don't deal with i18n in URLs; they just convert any non-alphanumerics (including spaces) to hyphens, which is safe and easy. Again, that's a simple regexp: in Ruby, .gsub(/[^0-9a-z]/,'-') . If non-Anglophones sign up in droves, you have a massive user base, which is motivational inertia enough.
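The regexp quoted in the comment above, run beside a slugifier that covers the cases the one-liner silently mangles (uppercase, accented letters, runs of separators, titles that reduce to nothing). This is an added example in Ruby, not code from either commenter; the names naive_slug and safe_slug are my own.

```ruby
# Added example (not from the thread): the one-liner .gsub(/[^0-9a-z]/,'-')
# next to a slugifier that handles the inputs it gets wrong.

def naive_slug(title)
  # Exactly the comment's regexp: every char outside 0-9a-z becomes a hyphen,
  # so uppercase letters and accented letters are hyphenated, not kept.
  title.gsub(/[^0-9a-z]/, '-')
end

# Lowercases, strips accents (NFKD decomposition, then drop combining marks),
# collapses runs of separators, trims edge hyphens, and refuses an empty slug
# instead of handing back "" or "-" as a URL path segment.
def safe_slug(title)
  s = title.unicode_normalize(:nfkd)
           .gsub(/\p{Mn}/, '')        # drop combining marks left by NFKD
           .downcase
           .gsub(/[^0-9a-z]+/, '-')   # '+' collapses a run into one hyphen
           .gsub(/\A-+|-+\z/, '')     # no leading or trailing hyphens
  raise ArgumentError, "title yields an empty slug: #{title.inspect}" if s.empty?
  s
end

# Note: accent stripping means distinct titles can share a slug
# ("Résumé" and "resume" both become "resume"); uniqueness still has to be
# enforced where the slug is stored, e.g. a unique index on the column.

if __FILE__ == $0
  ["Hello World", "Café au Lait!", "Résumé"].each do |t|
    puts "#{t.inspect}: naive=#{naive_slug(t).inspect} safe=#{safe_slug(t).inspect}"
  end
  begin
    safe_slug("日本語")   # nothing survives the ASCII-only character class
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```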
"If you're prototyping, think at a higher level, and prototype with native language objects, or if you need to use a DB, use an ORM. Writing raw SQL is only fast the first time, and then you're no better than assembly-coding your database."
Yes, good job, part of my point.
"For string encoding, just take out non-alphanumeric characters, unless you're dealing specifically with non-English, and then expand your target audience once you can do it safely."
No, the real solution is to learn what encoding actually entails and learn how to do it right without a lot of fuss. That approach is actually harder than doing it right, because it's "only one regexp" in a quick HN comment; in practice it'll blow up in your face. That's just a panic response brought on by not knowing what you're doing with encoding.