Channel: sql – Java, SQL and jOOQ.

Hilarious Rant about SQL Injection


My recent article about SQL injection has stirred some serious emotions on JCG. I don’t want to keep it from you! An extract:

[...] The idea that if I use an ORM, my SQL injection woes will magically go away is f***ing harmful, shortsighted, and anybody who thinks that should be kicked squarely in a sensitive region. [...]

And if you’ve survived that kick…

[...] Since there is no SQL statement, things like “‘a’; TRUNCATE your_mom” get stored/selected from as exactly that [...]

And if your mom has survived truncation, too:

[...] ORM still won’t save you. Validate your god-d*** f***ing inputs, jack-a**.

So please, sanitise your code, or the angry man will come and get you!! :)
http://www.javacodegeeks.com/2012/07/database-abstraction-and-sql-injection.html#comment-603438572


Filed under: blogging, sql Tagged: angry man, Database, emotions, recent article, sensitive region, sql, SQL injection
