Do you remember little Bobby Tables? This is him now.
I wanna meet the web dev who’s still not sanitizing inputs in 2025.
If you mean front end developers, then yes, that’s me.
First, it’s not front end’s responsibility to sanitise the input before executing the query because it’s not the front end code which operates on the database. What if we have ten front ends? Implement it ten times?
Second, it’s the back end who’s executing the query so they are doing it anyway. Doing it in the front end code is a waste of time and electricity.
It’s not a war zone outpost. There is no such thing as multiple layers of security. It’s absurd to think that a piece of malicious data “beat up” the security code at the first spot, just to be knocked out by the same security code further down the road. If a piece is code is effectively sanitising the input then the best place to put it is where it’s closest to the database, and it only needs to happen once.
Yes. That’s a given. As long as it’s in the back end, there isn’t a problem. My concern is if someone out there still isn’t checking it at all. There must be some inept devs out there if SQL injection attacks on the web are still a thing. That’s the kind of thing you’d hear about way back in 2004. Hell I know to defend against it and I don’t even do web development.
You’d be surprised! The developers at my company are terrible at their jobs and do the bare minimum lol
Good one
