Trouble is modern web-development is so dumb they just treat databases as dumb-blackboxes. So hence they end up in situations like this where security is thrown out the window in the name of minimising any obstacles to get data from the database (and no doubt dump it all into a stupid array in the frontend).
This creates a self-perpetuating lore amongst devs that databases are "slow".
But this is largely because they can't be bothered to use the database in the correct manner (correct schema design, sprocs etc. etc.)
And don't get me started on the "portable query" junk ! Sure you can write dumb queries that run on everything from SQLite to Oracle, but its far from being a remotely sensible thing to do.
Trouble is modern web-development is so dumb they just treat databases as dumb-blackboxes. So hence they end up in situations like this where security is thrown out the window in the name of minimising any obstacles to get data from the database (and no doubt dump it all into a stupid array in the frontend).
This creates a self-perpetuating lore amongst devs that databases are "slow".
But this is largely because they can't be bothered to use the database in the correct manner (correct schema design, sprocs etc. etc.)
And don't get me started on the "portable query" junk ! Sure you can write dumb queries that run on everything from SQLite to Oracle, but its far from being a remotely sensible thing to do.
Rant over. ;)