13 Oct
2008
13 Oct
'08
2:43 a.m.
Andrew Coppin wrote:
apfelmus wrote:
... and a solution to a problem that you souldn't have in the first place. I mean, if you want to construct XML or SQL statements, you ought to use an abstract data type that ensures proper nesting etc. and not a simple string.
Right. And if you have 25 KB of HTML data, you're *really* going to transform all of that into an abstract data type just to avoid injection problems, right?
Yes. "Just" an injection problem is an understatement. And its the implementation of the abstract data type that determines how fast things are. Who said that it may not simply be a newtyped String ? Regards, apfelmus