Hacker News

Sanitizing your inputs is apparently even harder than salting and hashing your passwords, something even the big-name companies tend to mess up.


Little Bobby Tables, we call him.

You don't even need to sanitize them, actually.

That's true. For example, in Python, you declare the query as "Select * from a where b=? and c=d" and then put a tuple (z,) to specify b.
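The parameterized query described in the comment above, worked through as an added example (not code from the thread): a constructed in-memory SQLite table `a` with columns `b`, `c`, `d`, one lookup that splices the user value into the SQL text with string formatting, and one that passes it as a `?` placeholder value exactly as the comment suggests. The same inputs go through both so the difference is visible: a legitimate value containing a quote breaks the formatted query, and a value containing SQL fragments changes its logic, while the placeholder version treats every input as plain data.

```python
import sqlite3

# Constructed sample data for the example; not taken from the thread.
ROWS = [
    ("alice", "x", "x"),
    ("bob", "y", "y"),
    ("carol", "x", "y"),
    ("O'Brien", "x", "x"),   # a perfectly valid value that contains a quote
]


def make_db():
    """Build a throwaway in-memory database with table a(b, c, d)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE a (b TEXT, c TEXT, d TEXT)")
    conn.executemany("INSERT INTO a VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_unsafe(conn, z):
    """String-formatted query: the value z becomes part of the SQL text."""
    sql = f"SELECT * FROM a WHERE b='{z}' AND c=d"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, z):
    """Parameterized query: the driver binds z as a value, never as SQL."""
    return conn.execute("SELECT * FROM a WHERE b=? AND c=d", (z,)).fetchall()


def compare(z):
    """Run both lookups on the same input and return (unsafe_result, safe_result).

    If the formatted query is no longer valid SQL, the unsafe result is the
    error message instead of a row list.
    """
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, z)
    except sqlite3.Error as exc:
        unsafe = f"error: {exc}"
    safe = lookup_safe(conn, z)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    for value in ("alice", "O'Brien", "alice' OR '1'='1"):
        unsafe, safe = compare(value)
        print(f"{value!r:22} unsafe={unsafe!r}")
        print(f"{'':22} safe  ={safe!r}")
```

With the placeholder form there is nothing to sanitize: the quote in `O'Brien` is just a character in a string, and the input that contains `OR` is compared literally against column `b` and matches nothing. The formatted form, by contrast, either fails on the quote or returns rows the caller never asked for.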

It's something the NYSE should get "hip" to.

