You can make a good case to spend time sanitising requests to avoid catastrophic failure, but the "null" problem is one that quickly becomes a lot of work and risk to fix after the fact, for no obvious benefit except what's seen as the pedantry of some nerd, so it gets ranked all the way at the back of the list... until someone named Null comes along, and probably still even then.
You can make a good case to spend time sanitising requests to avoid catastrophic failure, but the "null" problem is one that quickly becomes a lot of work and risk to fix after the fact, for no obvious benefit except what's seen as the pedantry of some nerd, so it gets ranked all the way at the back of the list... until someone named Null comes along, and probably still even then.
I disagree. If your system is failing to correctly type check strings during SQL interpolation, you should probably kill it with fire.
I don't disagree... In most cases, it's not your system, though, it's someone else's.
3 replies →