| ▲ | coldtea 5 hours ago | |
It's not about if it can happen or if it happens. It's about how easily it's mitigated completely. Use a proper db library which does escaping and it's completely eliminated. | ||
| ▲ | brookst 2 hours ago | parent [-] | |
Nit: modern DB libraries use wire protocols where SQL injection is mitigated by modeling parameters; it’s not just assembled to one big SQL statement and escaped. Agree with your point though. There will come a time when properly designed LLM apps are not vulnerable, and there will still be poorly designed apps that are. | ||