When you say you're "one of the idiots", do you mean you work for Envelope? Are you posting this as a "we learned our lesson and thought we were experts when we aren't"?
I'm all for beginners finding new and novel ways to solve problems, but if you are involved with the Envelope team, it would be interesting to hear your experiences of what happened after the video was made.
I missed that in the post, and the title of "Idiots ... claim immunity to SQL injection attacks" doesn't suggest you've been successful.
Maybe I'm the idiot. You've got a nice query building interface, and I'm not an SQL injection expert, but if you're transferring SQL statements directly from a browser through to your API, then somebody can just write a damaging SQL statement to the API. If you're sending to your API a parameterized list, e.g. in a RESTful example Get/id,name/Where/last_accessed/Greater/24000, then you've really built an API which is doing the same thing middleware is doing. Translating an API into SQL at some point.
As a developer, you haven't hit a solution for me. So little time is spent reading and writing to databases because middleware has abstracted so much of that and in languages like Rails, you're spending 90% of your time working with the data outside the db and then just stuffing it into the db. The frameworks take care of the SQL injection issues due to the middleware, which is open sourced and being used by millions of sites safely.
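The translation step the comment above describes (a request such as Get/id,name/Where/last_accessed/Greater/24000 turned into SQL on the server), as an added example that is not part of the original comment and not Envelope's code. The `users` table, the `password_hash` column, the `translate` and `demo_db` helpers and the operator names other than Greater are assumptions made for the illustration.

```python
import sqlite3

# Hypothetical schema: id, name and last_accessed come from the comment's
# example path; the table name and everything else is assumed.
TABLE = "users"                        # fixed server-side, never from the request
ALLOWED_COLUMNS = {"id", "name", "last_accessed"}
OPERATORS = {"Greater": ">", "Less": "<", "Equals": "="}


def translate(path):
    """Turn 'Get/<cols>/Where/<col>/<Op>/<value>' into (sql, params)."""
    parts = path.strip("/").split("/")
    if len(parts) != 6 or parts[0] != "Get" or parts[2] != "Where":
        raise ValueError("unsupported request shape")
    columns = parts[1].split(",")
    where_col, op_name, value = parts[3], parts[4], parts[5]
    # Identifiers and operators cannot be bound as parameters, so each one
    # must match an allowlist before it is placed in the statement text.
    for col in columns + [where_col]:
        if col not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {col!r}")
    if op_name not in OPERATORS:
        raise ValueError(f"operator not allowed: {op_name!r}")
    sql = (f"SELECT {', '.join(columns)} FROM {TABLE} "
           f"WHERE {where_col} {OPERATORS[op_name]} ?")
    # The value is never concatenated; the driver binds it as data.
    return sql, (value,)


def demo_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, "
               "last_accessed INTEGER, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(1, "alice", 30000, "h1"), (2, "bob", 10000, "h2")])
    return db


def run(db, path):
    sql, params = translate(path)
    return db.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = demo_db()
    print(run(db, "Get/id,name/Where/last_accessed/Greater/24000"))
    print(run(db, "Get/id,name/Where/last_accessed/Greater/0 OR 1=1"))
```

SQL text placed in the value slot is compared as a string and matches no rows, while a column or operator outside the allowlist is rejected before any statement is built.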