Comment by youerbt 6 years ago

Then your database API should use "safe strings" only, simple as that.

kortilla 6 years ago
“DELETE * from table” is a safe string though for something like file contents or perhaps a comment box on a hacker news site.
The term “safe string” is effectively meaningless because it entirely depends on how the internals are going to use it.

youerbt 6 years ago
But of course nobody is talking about universally safe strings. It's just a name to explain the concept.
Point being, if my database API uses different types than my random internet input types, the compiler will force me to convert/parse those.
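
The idea discussed in this thread, as an added Rust sketch that is not part of any commenter's post: each sink gets its own type, so the same untrusted text is converted differently for the database and for HTML, and the compiler rejects passing it unconverted. All names (`Untrusted`, `HtmlText`, `Query`, `execute`) are hypothetical, and `execute` is a stand-in for a real driver call.

```rust
// Added illustration; every type and function name here is hypothetical.

/// Raw text from the network. It reaches a sink only through an explicit conversion.
pub struct Untrusted(pub String);

/// Text already escaped for HTML element content.
pub struct HtmlText(String);

/// A SQL statement: fixed template plus bound values carried separately.
pub struct Query { template: &'static str, params: Vec<String> }

impl HtmlText {
    /// Conversion for the HTML sink: escape markup-significant characters.
    pub fn escape(input: &Untrusted) -> HtmlText {
        let mut out = String::new();
        for c in input.0.chars() {
            match c {
                '&' => out.push_str("&amp;"),
                '<' => out.push_str("&lt;"),
                '>' => out.push_str("&gt;"),
                '"' => out.push_str("&quot;"),
                '\'' => out.push_str("&#x27;"),
                _ => out.push(c),
            }
        }
        HtmlText(out)
    }
    pub fn as_str(&self) -> &str { &self.0 }
}

impl Query {
    /// Statement text is a `&'static str` (in practice a literal), not request data.
    pub fn new(template: &'static str) -> Query { Query { template, params: Vec::new() } }
    /// Conversion for the database sink: untrusted text becomes a bound value only.
    pub fn bind(mut self, value: Untrusted) -> Query { self.params.push(value.0); self }
}

/// Stand-in for a driver call. It accepts only `Query`, so passing `Untrusted`
/// or a `String` is a compile error. Returns statement text and values separately.
pub fn execute(q: &Query) -> (&'static str, &[String]) { (q.template, &q.params) }

fn main() {
    let comment = "DELETE * from table <b>"; // constructed sample input
    let q = Query::new("INSERT INTO comments (body) VALUES (?)")
        .bind(Untrusted(comment.to_string()));
    println!("{:?}", execute(&q));
    println!("{}", HtmlText::escape(&Untrusted(comment.to_string())).as_str());
}
```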