PerlMonks
Re: Re: Use placeholders. For SECURITY!
by hardburn (Abbot) on Nov 14, 2003 at 16:01 UTC (id://307078)
I'd rather employ someone who knows how to do right and uses placeholders than someone who uses placeholders because they saw an article on a website that told them they should "for security." The former's understanding would be far more valuable than the latter's best practices.

I think it's more common that programmers think they know how to do it right, and will probably even be able to fool an interviewer into thinking they know how to do it right, but will often miss an edge case. Or perhaps they know how to do it right for MySQL, but the same code doesn't catch a potential problem for PostgreSQL.

I understand enough to know that I don't understand, which might sound self-detrimental, but it actually puts me way ahead of programmers who think they know what they're doing but actually get it wrong. Admitting the fact that I don't understand the complete problem set, I use placeholders because someone who does understand already did the work for me. If that person actually didn't understand (i.e., there's a bug in a DBD's placeholder mechanism), it's a lot easier to change the DBD module than to fix a lot of programs in production.

That's not even touching on the other benefits of placeholders, like efficiency of cached statements (especially in a mod_perl environment).

----
: () { :|:& };:
Note: All code is untested, unless otherwise stated
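The two points the post makes (the driver, not the application, handles quoting for each database; a prepared statement can be cached and reused) as an added example that is not part of hardburn's reply. It is a self-constructed script using DBI with an in-memory SQLite database (assumes DBD::SQLite is installed); the table, the sample names and the find_role() helper are invented for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database so the example runs offline (requires DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });

$dbh->do("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");

# Constructed sample rows. The names deliberately contain an apostrophe and
# backslashes: exactly the characters hand-rolled escaping gets wrong on one
# database or another, and which different DBDs quote differently.
my @sample = (
    [ "alice",         "admin" ],
    [ "O'Reilly",      "user"  ],
    [ 'C:\\temp\\bob', "user"  ],   # hypothetical name with backslashes
);

# prepare_cached() lets the DBD reuse the parsed statement across calls;
# only the bound values change from execute() to execute().
my $ins = $dbh->prepare_cached("INSERT INTO users (name, role) VALUES (?, ?)");
$ins->execute(@$_) for @sample;

# Lookup by name. The value is bound to the "?" placeholder, never
# interpolated into the SQL text, so the driver does the quoting for
# whichever database is behind $dbh.
sub find_role {
    my ($dbh, $name) = @_;
    my $sth = $dbh->prepare_cached("SELECT role FROM users WHERE name = ?");
    $sth->execute($name);
    my ($role) = $sth->fetchrow_array;
    $sth->finish;    # release the cached handle for the next caller
    return $role;
}

for my $name (map { $_->[0] } @sample) {
    printf "%-14s => %s\n", $name, find_role($dbh, $name) // "(not found)";
}

# The same lookup with the value interpolated into the SQL string. An
# ordinary name containing an apostrophe is enough to break the statement,
# which is the edge case a programmer "who knows how to do it right" misses.
my $bad = "O'Reilly";
my $ok  = eval {
    $dbh->selectrow_array("SELECT role FROM users WHERE name = '$bad'");
    1;
};
print "interpolated query ", ($ok ? "succeeded\n" : "failed: $@");
```

The three placeholder lookups print the stored role for every name, including the ones with quote and backslash characters; the interpolated query at the end dies with a syntax error from SQLite, and RaiseError turns that into an exception the eval catches. Swapping the connect string for a MySQL or PostgreSQL DSN changes nothing in the placeholder code path, which is the point of letting the DBD own the quoting.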
In Section: Meditations