Yep. Rpeating you for emphasis, not repeating myself to disagree with you. On Oct 22, 12:37 am, Sean Corfield <seancorfi...@gmail.com> wrote: > On Fri, Oct 21, 2011 at 10:47 PM, Alan Malloy <a...@malloys.org> wrote: > > Can't repeat this strongly enough. Do not, ever, decide you can escape/ > > sanitize the strings yourself so you don't need a parameterized query. > > Maybe it works, but one of these days you'll slip up and get something > > wrong. Just prepare a statement with the right number of ?s in it, and > > then ask the SQL driver/server to fill in the blanks. They'll never > > get it wrong, and it will be more efficient to boot if you can reuse a > > parameterized query later. > > Which is exactly what I said, yes? (just checking we're on the same page > here). > -- > Sean A Corfield -- (904) 302-SEAN > An Architect's View --http://corfield.org/ > World Singles, LLC. --http://worldsingles.com/ > Railo Technologies, Inc. --http://www.getrailo.com/ > > "Perfection is the enemy of the good." > -- Gustave Flaubert, French realist novelist (1821-1880)
-- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en