On Apr 28, 2010, at 10:02 AM, Stephen Russell wrote:

> Having proof of textual clean processes allows you to override the
> statement.  Not having them keeps the statement valid.

        No, not at all. Incorrectly-done code is unsafe, and the type of code 
is irrelevant. Your statement tars all dynamic SQL with the same brush, and 
that is wrong.

> In some of the apps my company has they do not validate text before
> presentation to the db.  I would just guess that it happens more than
> you think.

        I don't know your company's code, so I have no idea how solid or crappy 
it is.

        I always review any code I have a hand in for errors, and make sure 
they are fixed before it is released. I find all sorts of errors, so your odd 
focus on one particular type suggests to me that you might be missing other 
potential problems.

> I was chastised by my boss for putting in time to make one.
> He thought I was wasting time but the other lead agreed that we have
> a lot of missing tools and was happy that I started to fill the void.
> Long Live the PHB !!!


        If you know you have a PHB, just nod and say 'yes, sir', and then go 
ahead and do the right thing anyway. 


-- Ed Leafe



