[whatwg] Couple comments on Database storage spec.
timeless at gmail.com
Wed Oct 17 15:51:04 PDT 2007
On 10/18/07, Ian Hickson <ian at hixie.ch> wrote:
> What would be cool is if we could detect, through tainting, the bad
> codepaths. But I see no way to do that here.
Could you simply require that all SQL statements be of the form
"X = ?" instead of "X = 1",
i.e., any attempt to not use parameterized expressions throws?
I know it's possible to screw this up, but would it at least be hard enough?
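As an added illustration, not part of this thread or of the Web SQL Database spec, here is a JavaScript sketch of the rule timeless proposes: a single-pass scanner that flags inline string and numeric literals in a statement and counts `?` placeholders, plus an `executeSql`-style wrapper that throws unless every value arrives as a bound argument. The names `lintSql`, `checkedExecuteSql` and `literalFreeButStringBuilt` are hypothetical. The last function shows the gap the post's final sentence hints at: statement text assembled from an identifier rather than a value contains no literal, so it passes the lint unchanged, which is why the rule raises the bar without closing the hole.

```javascript
// Added example (not from the thread or the Web SQL spec): a lint for the
// rule proposed above, "values enter a statement only through ? placeholders".
// Function names are hypothetical.

// Scan a SQL statement once. Returns the inline literals it contains
// (single-quoted strings and numeric literals, which the rule would reject)
// and the number of ? placeholders found outside quotes.
function lintSql(sql) {
  const literals = [];
  let placeholders = 0;
  const isIdentChar = (c) => /[A-Za-z0-9_]/.test(c);
  let i = 0;
  while (i < sql.length) {
    const c = sql[i];
    if (c === "'") {
      // single-quoted string literal; a doubled quote '' is an escaped quote
      let j = i + 1;
      let text = "";
      while (j < sql.length) {
        if (sql[j] === "'") {
          if (sql[j + 1] === "'") { text += "'"; j += 2; continue; }
          break;
        }
        text += sql[j++];
      }
      literals.push({ kind: "string", value: text, at: i });
      i = j + 1;
    } else if (c === '"') {
      // double-quoted identifier (standard SQL): a name, not a value; skip it
      const j = sql.indexOf('"', i + 1);
      i = j === -1 ? sql.length : j + 1;
    } else if (c === "?") {
      placeholders++;
      i++;
    } else if (/[0-9]/.test(c) && (i === 0 || !isIdentChar(sql[i - 1]))) {
      // numeric literal; digits inside an identifier such as t1 are not flagged
      let j = i;
      while (j < sql.length && /[0-9.]/.test(sql[j])) j++;
      literals.push({ kind: "number", value: sql.slice(i, j), at: i });
      i = j;
    } else {
      i++;
    }
  }
  return { literals, placeholders };
}

// executeSql-style entry point that enforces the rule: reject inline
// literals and require exactly one bound argument per placeholder.
// Returns the statement and arguments that would be handed to the database.
function checkedExecuteSql(sql, args) {
  const { literals, placeholders } = lintSql(sql);
  if (literals.length > 0) {
    const first = literals[0];
    throw new Error(`inline ${first.kind} literal at offset ${first.at}; bind it with ? instead`);
  }
  if (placeholders !== args.length) {
    throw new Error(`statement has ${placeholders} placeholder(s) but ${args.length} argument(s)`);
  }
  return { sql, args };
}

// The limit the post hints at: a statement assembled from an identifier
// (here a constructed column name taken from input) carries no literal,
// so the lint cannot distinguish it from a statement that was never
// string-built. Returns true when the lint would let it through.
function literalFreeButStringBuilt(columnFromInput) {
  const sql = "SELECT * FROM users WHERE id = " + columnFromInput;
  return lintSql(sql).literals.length === 0;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(checkedExecuteSql("SELECT name FROM users WHERE id = ?", [42]));
  console.log(lintSql("SELECT * FROM t1 WHERE name = 'O''Brien' AND n > 1.5"));
  console.log("identifier injection passes lint:", literalFreeButStringBuilt("id"));
}
```

The scanner deliberately treats double-quoted names as identifiers and digits inside names such as `t1` as part of the name, so ordinary statements are not rejected for the wrong reason; everything else that looks like a value is refused until it is moved into the argument array.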