re: You Can Do it in SQL, Stop Writing Extra Code for it

 

For a one-man army with knowledge of SQL injection, your argument is solid, but if you have 100s of developers, avoiding SQL injection without an ORM is impossible unless you have time to review every query ever written.

I can only speak from my area of expertise (Oracle) but in that instance, a single query will tell me where SQL injection risk points are.

connor-mcdonald.com/2016/05/30/sql...
