
I am more of a Scheme guy and always feel Lisp is pretty overwhelming, but this looks quite clean. I like the little language for writing HTML.


But this looks like a SQL injection waiting to happen:

    (defn inc! [id]
      (kc/exec-raw (format "UPDATE articles SET count = count + 1 WHERE id = %s" id)))

(From https://github.com/tbsschroeder/clojure-webshop-app/blob/mas...) You don't need `format`, it seems: https://github.com/korma/Korma/blob/master/src/korma/core.cl...
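As an added example (not code from the linked repo), here is the vulnerable `inc!` beside a version that uses the `[sql params]` form Korma's `exec-raw` already accepts, plus a boundary check on the route parameter; the namespace, `parse-id` and `inc-by-route-param!` are names I made up for the illustration.

```clojure
(ns webshop.articles ; hypothetical namespace for this example
  (:require [korma.core :as kc]))

;; Vulnerable: `format` splices caller-controlled text into the SQL string.
;; An id of "1 OR 1=1" turns the statement into
;; "UPDATE articles SET count = count + 1 WHERE id = 1 OR 1=1",
;; which touches every row instead of one.
(defn inc!-vulnerable [id]
  (kc/exec-raw (format "UPDATE articles SET count = count + 1 WHERE id = %s" id)))

;; Fixed: Korma's exec-raw takes a vector of the SQL string and its params.
;; The JDBC driver binds each ? as a value, so the id can carry any text
;; without changing the structure of the statement.
(defn inc! [id]
  (kc/exec-raw ["UPDATE articles SET count = count + 1 WHERE id = ?" [id]]))

;; Defence in depth: an article id is a number, so reject anything else at
;; the web boundary before it gets anywhere near the database.
(defn parse-id [s]
  (try (Long/parseLong s)
       (catch NumberFormatException _ nil)))

(defn inc-by-route-param! [s]
  (if-let [id (parse-id s)]
    (inc! id)
    (throw (ex-info "invalid article id" {:id s}))))
```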


Sanitizing SQL queries is just as simple in Clojure as in any other language (maybe more so), even if it wasn't done in this example.


It looks like it is built in even in the library he uses. So I'm not sure why he chooses format.



