I agree. Thanks for general guidance on using parameterized queries. I
will switch to use prepared statements instead.

On Oct 22, 3:51 am, Alan Malloy <a...@malloys.org> wrote:
> Yep. Repeating you for emphasis, not repeating myself to disagree with
> you.
>
> On Oct 22, 12:37 am, Sean Corfield <seancorfi...@gmail.com> wrote:
>
> > On Fri, Oct 21, 2011 at 10:47 PM, Alan Malloy <a...@malloys.org> wrote:
> > > Can't repeat this strongly enough. Do not, ever, decide you can escape/
> > > sanitize the strings yourself so you don't need a parameterized query.
> > > Maybe it works, but one of these days you'll slip up and get something
> > > wrong. Just prepare a statement with the right number of ?s in it, and
> > > then ask the SQL driver/server to fill in the blanks. They'll never
> > > get it wrong, and it will be more efficient to boot if you can reuse a
> > > parameterized query later.
>
> > Which is exactly what I said, yes? (just checking we're on the same page 
> > here).
> > --
> > Sean A Corfield -- (904) 302-SEAN
> > An Architect's View --http://corfield.org/
> > World Singles, LLC. --http://worldsingles.com/
> > Railo Technologies, Inc. --http://www.getrailo.com/
>
> > "Perfection is the enemy of the good."
> > -- Gustave Flaubert, French realist novelist (1821-1880)

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your 
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
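The point Alan and Sean are making above, shown as an added example that is not code from the thread or from any Clojure library. It uses Python's standard sqlite3 module rather than Clojure/JDBC so it runs without a JVM; the users table, the rows in it and the query functions are all constructed for the demonstration. It puts string concatenation, a hand-rolled quote escaper and a parameterized query side by side against the same inputs, and shows the escaper that "works" in one position failing when reused in another, which is exactly the slip-up the thread warns about.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the thread).
# "o'brien" is included because an apostrophe is legitimate input that
# naive concatenation cannot even handle.
USERS = [
    (1, "alice", "alice@example.com", 1),
    (2, "bob", "bob@example.com", 0),
    (3, "carol", "carol@example.com", 1),
    (4, "o'brien", "obrien@example.com", 0),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
        "email TEXT, is_admin INTEGER)"
    )
    # One parameterized statement, prepared once and reused for every row:
    # the "right number of ?s, let the driver fill in the blanks" pattern.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", USERS)
    conn.commit()
    return conn


def find_by_name_concat(conn, name):
    """Anti-pattern: the caller's string becomes part of the SQL text."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def quote_escape(value):
    """Hand-rolled escaping. Doubling single quotes is the correct rule for
    a quoted string literal in SQLite, so this looks safe in isolation."""
    return value.replace("'", "''")


def find_by_name_escaped(conn, name):
    """Hand escaping in a quoted position: this particular case holds up."""
    sql = "SELECT id, name FROM users WHERE name = '" + quote_escape(name) + "'"
    return conn.execute(sql).fetchall()


def find_by_id_escaped(conn, user_id):
    """The same escaper reused for an unquoted numeric position. No quote is
    needed to break out of a bare number, so the escaping changes nothing."""
    sql = "SELECT id, name FROM users WHERE id = " + quote_escape(str(user_id))
    return conn.execute(sql).fetchall()


def find_by_name_param(conn, name):
    """Parameterized: the driver binds the value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def find_by_id_param(conn, user_id):
    """Parameterized numeric lookup; a non-numeric string simply matches nothing."""
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (user_id,)
    ).fetchall()


def demo():
    """Run every variant against a tautology payload and a legitimate
    apostrophe, and return the results keyed by variant."""
    conn = make_db()
    name_payload = "x' OR '1'='1"   # breaks out of a quoted literal
    id_payload = "1 OR 1=1"         # needs no quote at all
    try:
        concat_legit = find_by_name_concat(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # The unescaped apostrophe makes the statement unparseable.
        concat_legit = "error: " + str(exc)
    results = {
        "concat": find_by_name_concat(conn, name_payload),      # every row
        "concat_legit": concat_legit,                           # syntax error
        "escaped_name": find_by_name_escaped(conn, name_payload),  # []
        "escaped_id": find_by_id_escaped(conn, id_payload),     # every row
        "param_name": find_by_name_param(conn, name_payload),   # []
        "param_id": find_by_id_param(conn, id_payload),         # []
        "param_legit": find_by_name_param(conn, "o'brien"),     # [(4, "o'brien")]
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>13}: {value}")
```

Note that `find_by_id_escaped` is the instructive case: the escaper is not wrong, it was simply written for one context and later reused in another, which is the kind of mistake that is easy to make and hard to review for. The parameterized versions need no per-context reasoning, and the same prepared statement in `executemany` is the reuse-for-efficiency point made above.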
