Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-24 Thread James K. Lowden
On Sun, 23 Apr 2017 21:31:42 +0100 Simon Slavin wrote: > If you don't understand what you're doing, hire an experienced > programmer. Ah, but you don't know what you don't know. After all, 90% of programmers rate themselves "above average". When I first heard of "SQL

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-24 Thread Dominique Devienne
On Mon, Apr 24, 2017 at 3:33 AM, Keith Medcalf wrote: > > I’m curious about binding as an idea. [...] > [...] The EXEC SQL interface has all but disappeared in most languages > [...] Oracle still supports https://en.wikipedia.org/wiki/Pro*C but that's pure client-side,

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-24 Thread Simon Slavin
On 24 Apr 2017, at 2:33am, Keith Medcalf wrote: > [history] That’s very interesting. I’m remembering the first DBMS language I used on desktop computers rather than mainframes or minis. It was something called "Q-Pro 4" and included both database commands and user

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread Keith Medcalf
> I’m curious about binding as an idea. I never used SQLite 1 or 2. Was > binding originally done to avoid security vulnerability or was that just > the result of implementing it for some other reason ? If you are talking about things other than SQLite (which is very new to the scene as

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread Richard Hipp
On 4/23/17, Simon Slavin wrote: > I’m curious about binding as an idea. I never used SQLite 1 or 2. Was > binding originally done to avoid security vulnerability or was that just the > result of implementing it for some other reason ? Binding was added to make the TCL

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread Simon Slavin
I’m curious about binding as an idea. I never used SQLite 1 or 2. Was binding originally done to avoid security vulnerability or was that just the result of implementing it for some other reason ? Looking at the work I did on other languages which use English-like commands I never used

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread Richard Hipp
Recall that SQLite was originally created as a Tcl (https://www.tcl.tk/) extension. Using TCL, the first example reported in the article would be coded like this: set result [db eval {SELECT count(*) FROM users WHERE userid=$_POST(newid)}] With the TCL interface to SQLite, the code above is
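As an added example (not code from the thread, from the article it discusses, or from SQLite's own sources), here is the same count(*) query written in Python's sqlite3 module two ways: once with the submitted value pasted into the SQL text, as the PHP tutorials do, and once with the value passed as a bound parameter, which is what the Tcl interface does for `$_POST(newid)`. The users table, its two rows, the text userid column and the attacker string are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: two users, so an injected 'OR' is visible as a count of 2."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice"), ("bob", "Bob")],
    )
    conn.commit()
    return conn


def count_interpolated(conn, newid):
    """The tutorial anti-pattern: the request value is spliced into the SQL text.

    Whatever the user sends becomes part of the statement, so a quote in the
    value closes the literal and the rest is parsed as SQL.
    """
    sql = f"SELECT count(*) FROM users WHERE userid='{newid}'"
    return conn.execute(sql).fetchone()[0]


def count_bound(conn, newid):
    """Parameter binding: the SQL text is fixed; the value travels separately.

    SQLite compiles the statement with a '?' placeholder and receives the value
    through sqlite3_bind_*, so the value can only ever be compared, never parsed.
    """
    sql = "SELECT count(*) FROM users WHERE userid=?"
    return conn.execute(sql, (newid,)).fetchone()[0]


# Constructed attacker input: closes the quoted literal and appends a tautology.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run both variants with an honest value and with the attacker string."""
    conn = make_db()
    try:
        return {
            # Honest lookup works either way.
            "honest_interpolated": count_interpolated(conn, "alice"),  # 1
            "honest_bound": count_bound(conn, "alice"),                # 1
            # Interpolated: WHERE userid='x' OR '1'='1' matches every row.
            "attack_interpolated": count_interpolated(conn, PAYLOAD),  # 2
            # Bound: looks for a userid literally equal to the payload string.
            "attack_bound": count_bound(conn, PAYLOAD),                # 0
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check worth keeping from this: with binding, the attack string is merely a value that matches nothing, and the statement that reaches SQLite is byte-for-byte the one the programmer wrote. Any function that builds SQL with string concatenation or formatting from request data has the first shape and needs to be rewritten into the second.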

Re: [sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread J. King
On April 23, 2017 4:31:42 PM EDT, Simon Slavin wrote: >There’s been almost no traffic on this list this weekend so I don’t >feel too bad posting something that’s not specifically about SQLite. >But a lot of us use SQLite as a back end for web-facing databases, >called from

[sqlite] Security vulnerabilities prevalent in web tutorials for PHP, javascript, etc..

2017-04-23 Thread Simon Slavin
There’s been almost no traffic on this list this weekend so I don’t feel too bad posting something that’s not specifically about SQLite. But a lot of us use SQLite as a back end for web-facing databases, called from PHP, and this is about PHP tutorials found on the web. ObAcronym: "SQLi" is