Dan, I was referring to the length as argument, not to the escape issue :).
Regards, Bogdan Dan Pascu wrote: > On Monday 21 April 2008, Bogdan-Andrei Iancu wrote: > >> Hi Dan, >> >> Right, this is one more reason for having in the DB API a clear >> distinction between the string-like and blob-like types. >> > > SQL injection can happen with any of blob, text, char, varchar if not > escaped. There is no distinction between the 2 regarding this issue. > > _______________________________________________ Devel mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/devel
