As long as the path of least resistance is not safe, security by obscurity will keep being used
Concept::
So if a standardized, non-textual, tree-structured protocol could be constructed for describing and communicating queries to the database, and it was designed to be easier to use than textual queries, then that would solve the problem in the long term. But the problem won’t go away until the industry adopts something where the path of least resistance is safe. As long as we insist on unsafe-by-default systems where writing safe code takes unnecessary effort, problems will be with us. (Think of all the buffer overflows that don’t exist at all in memory-managed languages!)
SQL injection is 17 years old. Why is it still around?
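The contrast the answer draws, shown as an added example that is not code from the thread or its author: a textual query that splices the caller's data into the statement text, beside a tiny tree-shaped query representation that is serialised into a parameterised statement. The `Col`, `Eq` and `Select` nodes, `compile_query`, `is_valid_ident` and the lookup helpers are all invented here, and the rows are constructed; it runs against an in-memory SQLite database.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Any, List, Tuple

# Constructed sample data; the table and rows are not from the thread.
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_textual(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    """The unsafe-by-default path: the query is built as text, so the caller's
    data is spliced into the code of the statement. Kept deliberately broken
    to show the failure mode the answer describes."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


# --- a minimal tree-structured query: nodes, never statement text ---------

@dataclass(frozen=True)
class Col:
    name: str


@dataclass(frozen=True)
class Eq:
    column: Col
    value: Any  # a value bound at execution time; it can never become SQL


@dataclass(frozen=True)
class Select:
    columns: List[Col]
    table: str
    where: Eq


_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def is_valid_ident(name: str) -> bool:
    """Identifiers come from the program, not the user, but are still checked
    so the compiler cannot be made to emit arbitrary statement text."""
    return bool(_IDENT.match(name))


def _quote_ident(name: str) -> str:
    if not is_valid_ident(name):
        raise ValueError(f"bad identifier: {name!r}")
    return f'"{name}"'


def compile_query(q: Select) -> Tuple[str, Tuple[Any, ...]]:
    """Serialise the tree into a parameterised statement. Only identifiers are
    interpolated (after validation); every value becomes a ? placeholder."""
    cols = ", ".join(_quote_ident(c.name) for c in q.columns)
    sql = (f"SELECT {cols} FROM {_quote_ident(q.table)} "
           f"WHERE {_quote_ident(q.where.column.name)} = ?")
    return sql, (q.where.value,)


def lookup_structured(conn: sqlite3.Connection, name: str) -> List[Tuple[str]]:
    """The safe-by-default path: the easiest way to express the query is also
    the one that cannot turn data into code."""
    query = Select([Col("name")], "users", Eq(Col("name"), name))
    sql, params = compile_query(query)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # the textbook tautology, used here only as test input
    print("textual   :", lookup_textual(db, probe))     # every row comes back
    print("structured:", lookup_structured(db, probe))  # no such name: []
```

The design point is that the structured API has no place where user data can become statement text: values always travel as bound parameters, and the only strings that are interpolated are identifiers chosen by the program and validated before use. The convenient call is therefore the safe one, which is exactly what the answer means by making the path of least resistance safe.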
And as long as the market prefers it cheap and does not care much about security, you get the cheap and insecure solutions. And while security by design helps a lot to make it better, developers often work around this design because they don’t understand it and it is just in their way.
SQL injection is 17 years old. Why is it still around?