On 6/27/07, Alexander Foken <[EMAIL PROTECTED]> wrote:
> I found this patch by Alexander Foken
(that's me)
and thanks for making it available

> Do you know what SQL injection means? If yes, why do you still use this
> code style? If no, please learn what it means, a good starting point is
> http://en.wikipedia.org/wiki/SQL_injection

Sure I know. We are talking about some internal application at a client
that, it seems, has no outside interface, so the risks are much smaller.

In addition this is legacy code they would like to keep working.

> It can't work, because the ODBC API only accepts non-Unicode SQL
> statements, or at least I did not find a way to make ODBC work with SQL
> strings encoded in UTF-8.

They have a patch that fixes the problem for inline SQL statements but does not
work when using placeholders. I was asked to integrate this and publish it,
but as I found your patch, and as I guess it was already tried by many more
users than we have, it might make more sense to take your patch
and add the capability to handle SQL statements without placeholders.

So I would like to see someone more knowledgeable than me starting to take
care of DBD::ODBC and starting to collect the available patches.

Once I see that the patches already available are integrated and
released as some development version, I hope I can find a way to send a
patch including the extra fix for the maintainers' consideration.

In any case uploading new development versions of the module including the
various patches will make it more accessible for anyone to test.

regards and thanks again for your work
  Gabor

--
Gabor Szabo
http://www.szabgab.com/
Perl Training in Israel  http://www.pti.co.il/
