LitKnd / littlekendracomments


Post: Use ChatGPT to see multiple perspectives. An example: ORMs and database code #43

Open LitKnd opened 1 year ago

LitKnd commented 1 year ago

Comments for the blog post that is, or will be live at https://littlekendra.com/2023/01/18/chat-gpt-discusses-orms-and-databases/

m60freeman commented 1 year ago

While it is true that "ORMs can help prevent SQL injection attacks by automatically parameterizing queries and escaping user input", it takes careful use of specific development practices for this to occur, so they often stuff hard-coded values into queries rather than parameterizing them. The developers are almost always surprised when this is brought to their attention by a DBA. My favorite is seeing Entity Framework/LINQ generate an IN() that contains thousands of literal values in a WHERE clause.
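As an added illustration of the point above (example code written for this thread, not from the blog post, the commenter, or Entity Framework), the two `IN()` shapes side by side in plain Python with the standard-library `sqlite3` driver: one that inlines values as literals, the way the commenter describes the ORM output, and one that emits a `?` placeholder per value and passes the values as data, batched so a long list never exceeds the driver's parameter limit. The table and the names are constructed sample data; the `batch_size` default of 999 is SQLite's historical conservative variable limit and is an assumption you would replace with your own database's limit.

```python
import sqlite3
from typing import List, Sequence


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory sample table; not data from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [(1, "Ada"), (2, "O'Brien"), (3, "Grace"), (4, "Linus")],
    )
    return conn


def names_in_literal(conn: sqlite3.Connection, names: Sequence[str]) -> List[int]:
    """The anti-pattern: each value is pasted into the SQL text as a literal.

    Every distinct value list produces a distinct statement text (so nothing
    about the plan is reusable), and a value that merely contains a quote
    changes the statement's structure instead of being treated as data.
    """
    literals = ", ".join(f"'{n}'" for n in names)
    sql = f"SELECT id FROM customers WHERE name IN ({literals}) ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def literal_in_is_fragile(conn: sqlite3.Connection, names: Sequence[str]) -> bool:
    """True if the literal-inlined form fails to even parse for these names.

    Used here to show the failure mode without any crafted input: the ordinary
    surname O'Brien is enough to break it.
    """
    try:
        names_in_literal(conn, names)
    except sqlite3.OperationalError:
        return True
    return False


def names_in_parameterized(
    conn: sqlite3.Connection, names: Sequence[str], batch_size: int = 999
) -> List[int]:
    """The safe form: one '?' per value, values passed separately as parameters.

    The statement text depends only on the batch length, never on the values,
    and the list is chunked so a very long list stays under the driver's
    parameter limit (999 is SQLite's historical default; an assumption).
    """
    results: List[int] = []
    for start in range(0, len(names), batch_size):
        chunk = list(names[start:start + batch_size])
        placeholders = ", ".join(["?"] * len(chunk))
        sql = f"SELECT id FROM customers WHERE name IN ({placeholders}) ORDER BY id"
        results.extend(row[0] for row in conn.execute(sql, chunk))
    return results


if __name__ == "__main__":
    db = make_demo_db()
    wanted = ["Ada", "O'Brien"]
    print("literal IN() parses?  ", not literal_in_is_fragile(db, wanted))
    print("parameterized IN():   ", names_in_parameterized(db, wanted))
    # A long list is split into several small parameterized statements.
    print("batched lookup:       ", names_in_parameterized(db, ["Ada", "Grace", "Linus"], batch_size=1))
```

The quote in `O'Brien` is the whole point: with literals it becomes part of the SQL grammar, with placeholders it stays a string value. The batching also addresses the "thousands of literal values" case the commenter raises, since a parameterized statement whose text varies only with batch size can be cached and reused, and the batch bound keeps it under the driver's parameter cap.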