On Apr 28, 2010, at 10:02 AM, Stephen Russell wrote:

> Having proof of textual clean processes allows you to override the
> statement. Not having them keeps the statement valid.

No, not at all. Incorrectly-done code is unsafe, and the type of code is irrelevant. Your statement tars all dynamic SQL with the same brush, and that is wrong.

> In some of the apps my company has they do not validate text before
> presentation to the db. I would just guess that it happens more than
> you think.

I don't know your company's code, so I have no idea how solid or crappy it is. I always review any code I have a hand in for errors, and make sure they are fixed before it is released. I find all sorts of errors, so your odd focus on one particular type suggests to me that you might be missing other potential problems.

> I was chastised by my boss for putting in time to make one.
> He thought I was wasting time but the other lead agreed that we have
> a lot of missing tools and was happy that I started to fill the void.
> Long Live the PHB !!!

If you know you have a PHB, just nod and say 'yes, sir', and then go ahead and do the right thing anyway.

-- Ed Leafe