re: You Can Do it in SQL, Stop Writing Extra Code for it VIEW POST

re: "Primary reason not to do SQL was SQL Injection..." That strikes me as like saying "We do not use the Math library, because devs keep using divisi...

For one man army with knowledge of SQL Injection, your argument is solid, but if you have 100s of developers, avoiding SQL Injection without ORM is impossible unless you have time to review every query ever written.

I can only speak from my area of expertise (Oracle) but in that instance, a single query will tell me where SQL injection risk points are.

code of conduct - report abuse