[whatwg] Couple comments on Database storage spec.

timeless timeless at gmail.com
Wed Oct 17 15:51:04 PDT 2007


On 10/18/07, Ian Hickson <ian at hixie.ch> wrote:
> What would be cool is if we could detect, through tainting, the bad
> codepaths. But I see no way to do that here.

Could you simply require that all SQL statements be of the form:

"X = ?" instead of "X = 1"

i.e., any attempt to not use parameterized expressions throws?

I know it's possible to screw this up, but would it at least be hard enough?
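The rule proposed above, written out as an added example that is not part of this thread and was never part of the Web SQL Database specification or any browser: a scanner that rejects SQL statements carrying inline literal values, wrapped around the `executeSql(sql, args)` call that the spec's `SQLTransaction` exposes. The names `findInlineLiterals`, `executeSqlStrict` and the stand-in transaction object are all assumptions made for this sketch.

```javascript
// Added example, not from the whatwg thread or the Web SQL spec.
// Enforces the proposal "every statement must use ? placeholders":
// any inline string or numeric literal makes the call throw.

// Scan a SQL statement and report inline literals. Single-quoted strings
// (with '' as the escaped quote), numeric literals, and SQL comments are
// recognised so that a "1" inside a string or a comment is not flagged.
function findInlineLiterals(sql) {
  const literals = [];
  const n = sql.length;
  let i = 0;
  while (i < n) {
    const c = sql[i];
    // "--" line comment: skip to end of line
    if (c === '-' && sql[i + 1] === '-') {
      while (i < n && sql[i] !== '\n') i++;
      continue;
    }
    // "/* ... */" block comment
    if (c === '/' && sql[i + 1] === '*') {
      const end = sql.indexOf('*/', i + 2);
      i = end === -1 ? n : end + 2;
      continue;
    }
    // single-quoted string literal
    if (c === "'") {
      let j = i + 1;
      while (j < n) {
        if (sql[j] === "'") {
          if (sql[j + 1] === "'") { j += 2; continue; } // escaped quote
          break;
        }
        j++;
      }
      literals.push({ kind: 'string', text: sql.slice(i, j + 1), pos: i });
      i = j + 1;
      continue;
    }
    // identifiers and keywords: consume the whole word so that the "1"
    // in a table name like "t1" is not mistaken for a numeric literal
    if (/[A-Za-z_]/.test(c)) {
      while (i < n && /[A-Za-z0-9_]/.test(sql[i])) i++;
      continue;
    }
    // numeric literal
    if (/[0-9]/.test(c)) {
      let j = i;
      while (j < n && /[0-9.]/.test(sql[j])) j++;
      literals.push({ kind: 'number', text: sql.slice(i, j), pos: i });
      i = j;
      continue;
    }
    i++;
  }
  return literals;
}

// Hypothetical strict wrapper around SQLTransaction.executeSql: throws on any
// inline literal, and on a mismatch between ? placeholders and arguments.
function executeSqlStrict(tx, sql, args) {
  const found = findInlineLiterals(sql);
  if (found.length > 0) {
    const f = found[0];
    throw new Error(
      'inline ' + f.kind + ' literal ' + f.text + ' at offset ' + f.pos +
      '; use a ? placeholder instead');
  }
  const params = args || [];
  const placeholders = (sql.match(/\?/g) || []).length;
  if (placeholders !== params.length) {
    throw new Error('statement has ' + placeholders +
      ' placeholders but ' + params.length + ' arguments');
  }
  return tx.executeSql(sql, params);
}

// Constructed stand-in for a Web SQL SQLTransaction so the example runs
// outside a browser; a real one is handed to the transaction callback.
const fakeTx = { executeSql: (sql, args) => ({ sql, args }) };

// Usage: the parameterized form is accepted, the literal form is rejected.
executeSqlStrict(fakeTx, 'SELECT * FROM notes WHERE id = ?', [7]);
try {
  executeSqlStrict(fakeTx, 'SELECT * FROM notes WHERE id = 7', []);
} catch (e) {
  console.log('rejected: ' + e.message);
}
```

The check catches literal values, which is what string concatenation of user data normally produces. It does not catch the case the message itself allows for: a fragment that is concatenated in as a bare identifier or keyword still scans as a well-formed statement, so the rule raises the bar rather than closing the door.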
