Comment by MBCook

Comment by MBCook 3 days ago

0 replies

View on Hacker News

String sql = “Not having “ +

“to break up “ +

“SQL statements” +

“like this for readability “ +

“thus making them hard to edit “ +

“was incredibly useful at my job.”;

(Note: I put a subtle bug in there because it always happened)

SQL injection is horrible, but people were managing to do that all these years after prepared statements anyway without text blocks. I really don’t think they made things worse. Same thing with embedding HTML in the code. They were gonna do it anyway.