It seems that many of the vulnerabilities out there are due to SQL taking strings as its query (SQL injections). Why is there not a more structured query format that wouldn't allow such vulnerabilities?
The place that I just started working at has a database utility library that has functions for any kind of SQL query you could think of. Not only do these functions make writing queries easier (not having to build a string), they make it really easy to sanitize input.
So, can anyone explain to me the reason that the interface to SQL databases is string queries? I'm sure I'm missing something, but I don't see the point.
<--- SQL noob