Comment Re:LOL (Score 1) 117
>You don't understand software security, do you?
Actually I do. It's my job. Well mostly hardware security, but they overlap.
SQL injections are a problem of untrusted data being mistaken for trusted code. When data cannot be mistaken for code it makes it very difficult for traditional SQL injection to happen. SQL promotes the problems of data/code confusion because it is a text string that contains both, and constructing and handling that string correctly has provided lots of scope for error.
Keeping your data data and code code is great for mitigating SQL injection. It does nothing for a vast collection of other aspects of software security (e.g. XSS, buffer overflow, side channels etc.), but for SQL injection, type safety in language and database API is just the ticket.
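
The data/code separation described in the comment above, as an added example that is not part of the original comment: the same lookup written once by building the SQL text from the input and once with a bound parameter. It uses Python's standard `sqlite3` module; the table, rows, function names and inputs are constructed for illustration.

```python
import sqlite3

# Constructed inputs: a legitimate name containing a quote, and a value
# whose quote characters would be read as SQL syntax if pasted into the query.
QUOTED = "o'brien"
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s1"), ("bob", "s2"), ("o'brien", "s3")])
    return db

def lookup_concat(db, name):
    """Data is pasted into the code string, so the SQL parser sees one text
    and cannot tell which part was meant as a value."""
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(query)]

def lookup_param(db, name):
    """The code is a fixed string; the value travels separately and is only
    ever compared as a TEXT value, whatever characters it contains."""
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name,))]

def outcome(lookup, db, name):
    """Run a lookup and report either its rows or the fact that SQLite
    rejected the statement."""
    try:
        return lookup(db, name)
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", QUOTED, CRAFTED):
        print(repr(value))
        print("  concatenated :", outcome(lookup_concat, db, value))
        print("  parameterized:", outcome(lookup_param, db, value))
```

The concatenated version fails both ways: the honest `o'brien` breaks the statement, and the crafted value changes which rows the `WHERE` clause matches. The parameterized version returns the one matching row or nothing.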