Conversation

This Tweet was deleted by the Tweet author. Learn more

This Tweet was deleted by the Tweet author. Learn more

Replying to

This isn't actually what happened though. There was no injection happening, and no issues with sanitization. The actual issue was a weakly typed language converting "NULL" to NULL when being compared to a ticket with no plate number entered.

1:30 PM · Aug 14, 2019Twitter for Android

Replying to

and

Also worth bringing up: sanitization is the wrong approach for securing database queries. Use parameterized queries, and stop constructing queries through string interpolation, and this solves pretty much any injection issues with SQL.

2

1

Replying to

and

seeing the word 'sanitization' in code is a red flag for me now. because it's a super vague term, and anyone who knows what they're doing will use a more specific one

1

1

Show replies