SQL Injection Myths and Fallacies

Very detailed & well-thought-out discussion. Bill spoke very competently, especially in answering questions from the audience. Definitely a talk worth attending.

Learned two new things: the Elvis operator ?: and the use of whitelist mappings to help prevent injection of arbitrary strings.

Very rare to find a DBA who also has an extensive web-based programming background like Bill.

Bill Karwin knocked it out of the park like always. Great code examples and format for his presentation.

Anonymous at 09:58 on 24 Oct 2011

Great talk with good examples. Not only examples of what was wrong but what to do to fix it.
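The whitelist-mapping technique one commenter mentions above is worth seeing in code. The example below is added here for illustration; it is not from Bill Karwin's talk or slides. It shows the pattern for the one place placeholders cannot help, a user-chosen column name and sort direction: the request value is used only as a key into a mapping whose values are identifiers the application controls, and an unknown key falls back to a default. In PHP, where the talk's examples lived, that lookup-with-default is what the Elvis operator `?:` expresses (`$map[$key] ?: 'name'`); here it is Python's `dict.get(...) or default`. The table, rows and column names are constructed for the demo.

```python
import sqlite3

# Whitelist mapping: request-supplied sort keys -> SQL identifiers we control.
# The values on the right are the only strings that can ever reach the query.
# (Constructed for this example; not from the talk.)
SORT_COLUMNS = {
    "name": "name",
    "price": "price_cents",
    "created": "created_at",
}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort_key, direction):
    """Return an ORDER BY clause built only from whitelisted identifiers.

    Any key not in the map, including an injection attempt, silently
    falls back to the default. This mirrors PHP's
        $SORT_COLUMNS[$sort_key] ?: 'name'
    """
    column = SORT_COLUMNS.get(sort_key) or "name"
    order = SORT_DIRECTIONS.get(str(direction).lower()) or "ASC"
    return f"ORDER BY {column} {order}"


def fetch_products(conn, sort_key, direction, min_price_cents=0):
    """Query with a data value bound as a parameter and an identifier from the map."""
    sql = ("SELECT name FROM products WHERE price_cents >= ? "
           + build_order_by(sort_key, direction))
    return [row[0] for row in conn.execute(sql, (min_price_cents,))]


def make_demo_db():
    """In-memory SQLite database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (name TEXT, price_cents INTEGER, created_at TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [
            ("widget", 500, "2011-10-01"),
            ("gadget", 250, "2011-10-02"),
            ("gizmo", 900, "2011-10-03"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(fetch_products(db, "price", "desc"))
    # A sort key that is not in the map is never interpolated; the default applies.
    print(fetch_products(db, "price_cents; DROP TABLE products", "asc"))
```

The point of the pattern is that there is no validation step to get wrong: the request string is never examined for dangerous characters, it is simply never used as SQL. Data values (here `min_price_cents`) still go through a bound parameter; the map is only for the identifier and keyword positions that parameters cannot fill.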