Path: csiph.com!news.mixmin.net!weretis.net!feeder1.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: Thomas 'PointedEars' Lahn <PointedEars@web.de>
Newsgroups: comp.lang.python
Subject: Re: WP-A: A New URL Shortener
Date: Fri, 25 Mar 2016 22:28:38 +0100
Organization: PointedEars Software (PES)
Lines: 29
Message-ID: <4500052.tJGngFWhWt@PointedEars.de>
References: <1537bd9e261.12a0e5b4a204345.4468160629979098801@vmesel.com> <CAGq7KhregQabRkwUg6EQbqqy97FaYrC7WuWuSdO-=mhg0GSneg@mail.gmail.com> <500E8DF1-DCAC-4923-BD94-06DA1716484A@vmesel.com> <mailman.291.1458254120.12893.python-list@python.org> <1964524.jFVgOtWIx9@PointedEars.de> <mailman.298.1458257054.12893.python-list@python.org> <2334208.C0ktZ5B2k1@PointedEars.de> <mailman.392.1458396992.12893.python-list@python.org>
Reply-To: Thomas 'PointedEars' Lahn <usenet@PointedEars.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8Bit
X-Trace: solani.org 1458941318 31409 eJwFwYkBADAEBLCVPHVlHIr9R2hiCsa7B4ZjaxvXGTzrhCjSabg9qRWBaGlWm0wMQTxT2z8NhhDV (25 Mar 2016 21:28:38 GMT)
X-Complaints-To: abuse@news.solani.org
NNTP-Posting-Date: Fri, 25 Mar 2016 21:28:38 +0000 (UTC)
User-Agent: KNode/4.14.2
X-User-ID: eJwNycEBwCAIA8CVCiYBxxHU/Ueor3sch0wdEAVe3tWw9n05ipmIGeUH5envK7bt1IyESfQ1/EsVuo740KofO6cU3A==
Cancel-Lock: sha1:Ft9BlCqOH9LWb353PzxBYOi+YXY=
X-NNTP-Posting-Host: eJwNykEBACAIA8BKIDC0jgP6R9B7XxgUTEfAY2JAxMm1zXfdLhFrvSOOXuQvVsicY5zWpvgDEsERCg==
Xref: csiph.com comp.lang.python:105709

Chris Angelico wrote:

> […] Thomas 'PointedEars' Lahn […] wrote:
>> Chris Angelico wrote:
>>> […] Thomas 'PointedEars' Lahn […] wrote:
>>>> Daniel Wilcox wrote:
>>>>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>>>>> injections.
>>>> That is to crack a nut with a sledgehammer.  SQL injection can be
>>>> easily and more efficiently prevented with prepared statements.  […]
>>> You don't even need prepared statements. All you need is parameterized
>>> queries.
>> A prepared statement in this context uses a parameterized query.
>>
>> 
<https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29>
> 
> I know what a prepared statement is. And I know that they are
> effective. However they are overkill - as I said, you merely need
> parameterization.

Then enlighten me, please: How is “parameterization” or a “parameterized 
query”, as *you* understand it, different from a prepared statement?

-- 
PointedEars

Twitter: @PointedEars2
Please do not cc me. / Bitte keine Kopien per E-Mail.