On 11 Oct 2008, at 9:02 pm, Svein Ove Aas wrote:

On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett <[EMAIL PROTECTED]> wrote:

Personally, I use stored procedures with a database as they protect from SQL
injection attacks (unless you write some really stupid procedures).

Isn't this what parametrized queries are for?

They will also work (at least in MS SQL Server), but you'd lose some of the performance and organisational benefits.

And it stops people littering code with badly written SQL statements - at least I can keep track of the procedures! :)

Iain

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
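
Added example, not part of the original thread: a T-SQL sketch (MS SQL Server, as mentioned above) of the caveat about badly written procedures, next to the static and parameterized forms. The table `dbo.Users` and the three procedure names are hypothetical.

```sql
-- Added example; dbo.Users and the FindUser_* procedures are hypothetical names.
CREATE TABLE dbo.Users (
    Id   INT IDENTITY PRIMARY KEY,
    Name NVARCHAR(100) NOT NULL
);
GO

-- The badly written case: being a stored procedure does not help here,
-- because @Name is concatenated into text that is then parsed as SQL.
-- A quote inside @Name changes where the string literal ends.
CREATE PROCEDURE dbo.FindUser_Unsafe @Name NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Id, Name FROM dbo.Users WHERE Name = ''' + @Name + N'''';
    EXEC (@sql);
END;
GO

-- Static statement: @Name is bound as a value and never parsed as SQL.
CREATE PROCEDURE dbo.FindUser_Static @Name NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT Id, Name FROM dbo.Users WHERE Name = @Name;
END;
GO

-- When dynamic SQL is unavoidable: sp_executesql keeps the statement text
-- fixed and passes @Name separately as a typed parameter.
CREATE PROCEDURE dbo.FindUser_Dynamic @Name NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    EXEC sys.sp_executesql
        N'SELECT Id, Name FROM dbo.Users WHERE Name = @n',
        N'@n NVARCHAR(100)',
        @n = @Name;
END;
GO

-- Constructed input: a name containing a single quote, passed to each procedure.
EXEC dbo.FindUser_Unsafe  @Name = N'O''Brien';
EXEC dbo.FindUser_Static  @Name = N'O''Brien';
EXEC dbo.FindUser_Dynamic @Name = N'O''Brien';
```

A review check that follows from this: search procedure bodies for `EXEC (` or `EXECUTE (` applied to a concatenated string, since those are the places where a stored procedure gives no injection protection.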
