re: You Can Do it in SQL, Stop Writing Extra Code for it

re: Primary reason not to do SQL was SQL Injection and wrong way devs write SQL. That's why we shifted out from SQL to ORM, but for high performance qu...
 

SQL injection is caused by underuse of SQL, not overuse of SQL.
If the logic was parameterized stored procedures in the DB, not queries string-built on the application server, there wouldn't be a vulnerability.

In most industries, it's ridiculous to allow arbitrary query access to a production database.
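The contrast the comment draws, string-built query text versus a bound parameter, shown as an added example (not code from the original post or from the linked article). SQLite has no stored procedures, so this uses a parameterized statement through Python's standard `sqlite3` module; the mechanism is the same one a parameterized stored procedure relies on, the value is sent to the engine separately and is never parsed as SQL. The `users` table and its three rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_string_built(conn, name):
    """Vulnerable form: the caller's input is spliced into the query text.

    Anything the input contains is parsed by the engine as part of the
    statement, so a quote character changes the WHERE clause itself.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Hardened form: the statement text is fixed; the value is bound.

    The driver hands the value to the engine out of band, so it can only
    ever be compared as data. Quotes inside it are just characters.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compare(conn, name):
    """Return both results side by side so the difference is visible."""
    return {
        "string_built": lookup_string_built(conn, name),
        "parameterized": lookup_parameterized(conn, name),
    }


if __name__ == "__main__":
    db = make_db()
    # An ordinary lookup behaves identically either way.
    print(compare(db, "bob"))
    # Input containing a quote: the string-built query's WHERE clause is
    # rewritten and every row comes back; the bound version matches nothing.
    print(compare(db, "x' OR '1'='1"))
```

Binding covers values only. Table and column names cannot be parameters, so code that lets a caller choose those must validate them against an allow-list; that is the one place where "just parameterize it" does not finish the job.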
