Hi!. Isn’t SQL Injection a fault of poor… | by Erik “Edgar A. Perry, A Bostonian”

2 min readJun 4, 2018

Hi!

Isn’t SQL Injection a fault of poor security on input forms? Saying that this is the fault of RDBMS is like saying a bank got robbed because it had tellers in the same building with the money.

Second, for the time, normalization — that breaking up of data into respective categories you complain about — made a lot of sense, considering memory requirements. Consider a simple database with two tables:

Car make information and owner information for 10 makes and 10k owners.

Car make might have 1 row for each make with make specific information on each row.

Owner information would have one row per owner with one column for make id, pointing back to the make table.

If, say, one row of make data were 100kb, and one row of owner data, just owner data, were 100kb, in a normalized approach you’d get 10 rows for makes in the make table 1000kb and 10k rows at 100kb each for the owners + an id field: grand total about 1000kb + 1,000,000kb + an index per row for 10k rows, negligable.

However, if you data warehouse it and you don’t normalize it, you get 10k rows of owner info at 100kb + all the car make info [100kb] for every combination. That’s 200kb*10k or 2,000,000kb.

Compare the non-normalized 2,000,000kb versus the RDBMS 1,001,000kb and you see why it made such a big difference.

Third, OO programming works well with normalization of data. Nobody makes one big class for owner/car make/dealership to represent non-normalized data. Classes in OO make sense with normalization.

Fourth, regarding DRY, I could try to take it on, as it doesn’t seem to be a flaw in RDBMS in itself, but I’m tired by now.

Please tell us what your solution was in the ’70s which was better?

ERPs are difficult. I know. I programmed them for decades. A solidly normalized RDBMS makes it easier, though.

Now, with memory being what it is, companies have the luxury of considering other database formats.

However, when you compare spreadsheets, flat files, and actual paper in filing cabinets versus all of the benefits of RDBMSs, the way business was run was greatly improved in the 70’s and beyond.

Written by Erik “Edgar A. Perry, A Bostonian”