Hacker News | sirfried's comments

yeah what can be wrong about a framework imposing design & coding discipline on sheeple :P


he's just selling a book, relax


i thought he hated "work visa" for a second, silly me


Incredible India


everyone is wrong, everyone is right. just use what tool you know best.

resque, or beanstalkd or zmq push/pull whatever


reminds me of json builder in ruby, yikes!


i dozed off after the first few paragraphs


how lame, do AR devs need someone to remind them about bind variables/params?


(rant) Since Rails devs don't appear to believe in databases (and to be fair, if I was targeting MySQL version 3 I'm not sure I would believe in them much either), they don't bother using database features for binding. Instead having their own half-baked (well, it's 90% baked now, but it still has the occasional squishy bit) binding system.

Same for validations, foreign keys, primary keys, indexes, enumerations, etc. (/rant)


the places where these sql injections were happening wouldn't be prevented by traditional sql bindings which are applied to parts of the where clause or set values. in JDBC land i don't think you can do "SHOW TABLES FROM ? WHERE ...."


Binding variables is prepared statements? AR does support that, how does that affect this vulnerability?


Well for the money I'd pay in licensing this, I can just pay for more servers and use MySQL or PostgreSQL. Not that those two are slow at all.


You could, but that solution isn't of much help to someone with an existing .NET/SQL Server application. Making a few tweaks is probably a lot cheaper than a wholesale change to a different database server.


5 mins of my life i will never get back. object mappers are good enough, write better oop and embrace sql if you need to.

