"Michael R. Fahey" wrote:
> 
> I was looking at a Perl script where the developer used different names
> for the incoming parameters and the database field names. He told me
> that this was done for security reasons-- to ensure that malicious users
> would not be able to discover the field names in the database being
> updated or queried. How dangerous is this? I think it would be easier to
> work with a hash of parameters from the input form.

I would think if you were using placeholders in your SQL you wouldn't
have a problem. From my experience, if you don't use placeholders then
you'll have trouble.

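The two points in this thread fit together, shown here as an added example that is not code from the original posts: placeholders carry the values, and because a placeholder cannot stand in for a column name, the form-parameter-to-column mapping acts as an allowlist. The `users` table, its columns, `%COLUMN_FOR` and `build_update` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: form parameter name => database column name.
# Only parameters listed here can ever reach the SQL text.
my %COLUMN_FOR = (
    fname => 'first_name',
    lname => 'last_name',
    mail  => 'email',
);

# Build an UPDATE for a hypothetical "users" table. Column names come only
# from the allowlist; every value is left as a "?" placeholder.
sub build_update {
    my ($params, $id) = @_;
    my (@set, @bind);
    for my $name (sort keys %$params) {
        my $column = $COLUMN_FOR{$name}
            or die "unexpected form parameter: $name\n";
        push @set,  "$column = ?";
        push @bind, $params->{$name};
    }
    die "nothing to update\n" unless @set;
    my $sql = 'UPDATE users SET ' . join(', ', @set) . ' WHERE id = ?';
    return ($sql, @bind, $id);
}

# Constructed sample input: one value contains a quote character, which is
# harmless because it travels as bound data and never becomes SQL text.
my %form = (lname => "O'Brien", mail => 'ob@example.org');
my ($sql, @bind) = build_update(\%form, 42);
print "$sql\n";
print "bind: $_\n" for @bind;

# With a connected DBI handle ($dbh, assumed) the statement would run as:
#   my $sth = $dbh->prepare($sql);
#   $sth->execute(@bind);

# A parameter the form should never set is rejected before any SQL is built.
my $ok = eval { build_update({ is_admin => 1 }, 42); 1 };
print "rejected: $@" unless $ok;
```

Using the raw hash of form parameters as column names, without such a mapping, would let the request choose which columns are written.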