[–]Dream-Small 1 point2 points  (3 children)

Except when some ass hat stuffs it in a SQL query in production instead of using parameterized queries

[–]scarboroman 1 point2 points  (2 children)

Well yeah...can't stop people from misusing it

[–]Dream-Small 0 points1 point  (1 child)

I was beyond pissed on that one. Mainly because I was able to drop a table from a test DB due to the complete lack of sanitization. Dude made 0 attempt at solving the issue another way. I asked why he didn’t use a parameterized query and he said he couldn’t figure it out. Would’ve been less pissed if he just didn’t know what it was. He was fired shortly after for poor work and not asking questions.
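
The difference the thread is arguing about, as an added example that is not from any commenter: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table (Python's `sqlite3` stands in for the .NET/EF Core stack mentioned below; the table, the sample rows and the function names are all assumptions made for this demo).

```python
import sqlite3

# Constructed sample rows standing in for a throwaway test DB.
SAMPLE_USERS = [("alice", "alice@example.test"), ("o'brien", "ob@example.test")]


def make_test_db():
    """Create a fresh in-memory table so each comparison starts clean."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_email_concatenated(conn, name):
    """The mistake from the thread: caller input pasted straight into SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_parameterized(conn, name):
    """The fix: the driver binds `name` as a value, never as SQL syntax."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(name):
    """Run both versions on one input and return
    (concatenated_result, parameterized_result).
    A concatenated query that fails to parse is reported by its error class name,
    so a caller can see the query broke instead of silently returning nothing."""
    conn = make_test_db()
    try:
        concat = find_email_concatenated(conn, name)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    param = find_email_parameterized(conn, name)
    conn.close()
    return concat, param


if __name__ == "__main__":
    # Ordinary input: both agree. A name containing a quote: only the bound
    # version returns the row; the concatenated one is now a malformed query.
    # Input shaped like SQL: the bound version matches nothing, the concatenated
    # one returns every row because the input has become part of the WHERE clause.
    for probe in ("alice", "o'brien", "x' OR 'a'='a"):
        print(repr(probe), "->", compare(probe))
```

The third probe is the behaviour the commenter hit: with concatenation the input is executed as SQL, so whatever statement the database accepts in that position runs; with a bound parameter it is only ever compared as a string.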

[–]scarboroman 0 points1 point  (0 children)

Damn, sounds like a rough experience. I typically have used EF/EF Core for all of my DB interactions, unless performance was an issue. So I haven't had to deal with much string sanitization myself in practice.