For those who don't know, these are called prepared statements. Instead of mashi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		keeperofdakeys on June 2, 2012 \| parent \| context \| favorite \| on: SQL Injection Vulnerability in Rails For those who don't know, these are called prepared statements. Instead of mashing strings together, you define variables in your sql string, and associate a value and type with each variable. Of course this doesn't stop bugs in the implementation, as in this case.

__float on June 2, 2012 [–]

I believe the parent was mocking Ruby for its dynamic typing, rather than what you're discussing.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact