Hacker News new | past | comments | ask | show | jobs | submit login

Incorrect handling I'd say. If you're filtering apostrophes from your user input you're doing it wrong.

This is a semantic quibble. Your point could be restated as, "if you're not filtering potentially dangerous data out of your SQL queries (i.e. you're not using a fixed vocabulary of properly-quoted phrases) then you are vulnerable to SQLi."

think of it this way: no matter how you slice it, there are Bad Things you need to keep out of your SQL, and an easy layperson term for doing so is 'filtering'.

Recall that 'filter' != regexp.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact