
11 Oct 2008, 5:56 p.m.
Svein Ove Aas wrote:
> On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett wrote:
>> Personally, I use stored procedures with a database as they protect from SQL injection attacks (unless you write some really stupid procedures).
> Isn't this what parametrized queries are for?

Yes. (And it also improves DB performance since it doesn't have to continually reparse the query and rebuild the query plan.) Now consider dynamically constructing HTML and avoiding HTML injection attacks. There isn't an easy machine fix for that one.
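The contrast the reply draws, as an added example that is not part of the thread: a parametrized query binds the input as a value no matter what it contains, while the correct HTML escaping depends on where in the markup the value lands. It assumes Python's standard sqlite3 and html modules; the table and the odd-looking inputs are constructed here.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory sample table, not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_concat(conn, name):
    # Vulnerable form: the input is spliced into the SQL text, so a quote
    # character in it changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_param(conn, name):
    # Parametrized form: the fixed statement is parsed once and the input
    # is bound as a value; it can never become SQL syntax.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Constructed input containing a single quote (not a real user name).
ODD_NAME = "x' OR 'a'='a"


def greeting_text(name):
    # Element-text context: escaping <, > and & is sufficient here.
    return "<p>Hello, " + html.escape(name, quote=False) + "</p>"


def greeting_attr_wrong(name):
    # The same escaper reused in an attribute context leaves the double
    # quote alone, so the value can end the attribute and start another.
    return '<input value="' + html.escape(name, quote=False) + '">'


def greeting_attr(name):
    # Attribute context needs quotes escaped as well (html.escape's default);
    # which escaper is right is decided by the surrounding markup, not by
    # the value, which is why there is no single mechanical fix.
    return '<input value="' + html.escape(name) + '">'


# Constructed input containing a double quote (not a real user name).
ODD_HTML_NAME = 'Bob" title="x'
```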