On Tue, Feb 14, 2012, at 08:22 PM, Ken Dibble wrote:
>
> You would say, "because if you use a different back end with SQL
> pass-through then you have a problem."
>
> To which I reply, "My application already validates user input and won't
> permit any SQL commands that I do not explicitly want to use to be
> inserted into a variable."

Why not let the database back-end sanitise the input for you, though? It
can probably do it better than anything I or you could write.
-- 
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm
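An added illustration of the point in this reply, not code from either poster: a keyword blacklist of the kind the quoted post describes is compared with letting the back end bind the value as a parameter. The thread is about Visual FoxPro SQL pass-through; this example assumes Python with an in-memory SQLite database and a constructed `users` table, and the table contents and the crafted input are made up for the demonstration.

```python
import sqlite3

# Constructed sample rows, not data from the original thread.
ROWS = [("alice", "active"), ("bob", "disabled")]

# Application-side blacklist: SQL commands the app does not intend to use.
BLOCKED_KEYWORDS = ("select", "insert", "update", "delete", "drop", ";", "--")


def homegrown_validate(value: str) -> bool:
    """Reject input containing any blacklisted SQL keyword or token."""
    lowered = value.lower()
    return not any(k in lowered for k in BLOCKED_KEYWORDS)


def _connect() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, status TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_concatenated(name: str) -> list:
    """Validate on the application side, then splice the value into the SQL text."""
    if not homegrown_validate(name):
        raise ValueError("input rejected by validator")
    conn = _connect()
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(name: str) -> list:
    """Same query, but the value is bound as a parameter: the back end treats
    it as data, so no application-side blacklist is needed."""
    conn = _connect()
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    # Constructed input that passes the blacklist (no blocked token in it)
    # yet changes the meaning of the concatenated statement.
    crafted = "x' OR 'a'='a"
    print(lookup_concatenated("alice"), lookup_parameterised("alice"))
    print(lookup_concatenated(crafted), lookup_parameterised(crafted))
```

The concatenated lookup returns every row for the crafted value while the parameterised lookup returns none, which is the difference between the application guessing what is dangerous and the back end knowing where the data ends.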


_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/[email protected]
