Follow I have a theory that the only that can appear in a client application is "call proc_name (arguments);", if the server is properly configured to accept only these, SQL injection is no longer an issue.

Sign in to participate in the conversation
Functional Café

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!