Comment by simonw

Comment by simonw a day ago

If I use parameterized SQL queries my systems are 100% protected against SQL injection attacks.

If I make a mistake with those and someone reports it to me I can fix that mistake and now I'm back up to 100%.

If our measures against SQL injection were only 99% effective none of our digital activities involving relational databases would be safe.

I don't think it is unreasonable to want a security fix that, when applied correctly, works 100% of the time.
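
An added illustration of the comment's point, not part of the original comment: the same lookup written with string concatenation and with a bound parameter, run over constructed inputs against an in-memory SQLite database. The table, function names and sample values are assumptions made up for this example.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")],
    )
    return db

def lookup_concat(db, name):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # character in `name` changes the structure of the statement.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Parameterized form: the SQL text is fixed and `name` is bound as a
    # value, so it is only ever compared against the column as data.
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

# Constructed inputs: an ordinary name, a value containing SQL syntax,
# and a legitimate name that happens to contain a quote.
CONSTRUCTED_INPUTS = ["alice", "x' OR '1'='1", "O'Brien"]

def compare(db):
    """Return {input: (concat_result, param_result)} for each sample input."""
    results = {}
    for value in CONSTRUCTED_INPUTS:
        try:
            concat = lookup_concat(db, value)
        except sqlite3.Error as exc:
            concat = f"error: {exc}"
        results[value] = (concat, lookup_param(db, value))
    return results

if __name__ == "__main__":
    for value, (concat, param) in compare(make_db()).items():
        print(f"{value!r}\n  concatenated:  {concat}\n  parameterized: {param}")
```

The concatenated lookup returns every row for the second input and fails outright on the legitimate name with a quote in it, while the parameterized lookup returns no rows and exactly one row respectively.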