>You don't understand software security, do you
Actually I do. It's my job. Well mostly hardware security, but they overlap.

SQL injections are a problem of untrusted data being mistaken for trusted code. When data cannot be mistaken for code it makes it very difficult for traditional SQL injection to happen. SQL promotes the problems of data/code confusion because it is a text string that contains both and constructing and handling that string correctly has provided lots of scope for error.

Keeping your data data and code code is great for mitigating SQL injection. It does nothing for a vast collection of other aspects of software security (E.G. xss, buffer overflow, side channels etc.), but for SQL injection, type safety in language and database API is just the ticket.

I don't think you got my point. I'm suggesting that SQL is contributing to the problem. Queries in is strings is not strongly typed. Function calls to BDB are. If you need an ORM to construct string queries, then you are trusting both yourself and the writers of the ORM framework writers to not screw up.

It safest to trust the fewest people not to screw up and then not screw up yourself.

Which will either block or give you data with no entropy unless you really know what you're doing.

To know and understand SQL is to know and understand that it is a steaming pile and other interfaces should be used.

Using a strongly typed language with a strongly typed database API, instead of that ugly hack called SQL will also mitigate SQL injections. Completely.

You're also free to pull your kid out of school because the teaching is incompetent, the school environment is crap.

I was exaggerating for comedic effect. The wife was a teacher, then an ed PhD, then an education prof. She knows all the dirt on testing.

This stuff has been filtered out of the basic high school package in the states. Calculus is an 'AP' topic. I.E. Advanced Placement. They let the white kids take AP classes. When someone tried to sneak non lily whites into an AP exam and succeeded, it was so shocking that they made it a film about it: http://en.wikipedia.org/wiki/Stand_and_Deliver

I went to school in Britain. No calculus => no college entrance.

Not my problem. I'm British.

Just move country.

You will be an interesting foreigner. With or without the internet, this gives you an edge.

Failing to collect the final payment and then blaming the (non)payer seems to be a common slime-ball trick.
The rental agency through which we rented our previous house tried this one.

But in 64 years, they will undergo gravitational collapse and turn into a neutron star.

He or she is not smoking anything. If you are poor and you take advantage of what is out there, you can get a college education paid for. There are thousands of state, federal, charitable and private programs that help pay for education. A good academic adviser can help you get access.

I'd already been a recipient of their 'creative' service with an airline credit card. Never again. I'm free to choose not to do business with them.

There was a cost to switching (mortgage refinance fees) but more than compensated for by switching to a variable rate mortgage.

Forcing me to switch my mortgage to my credit union, because I don't do business with chase.