Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Mike Meyer
On Mon, 13 Aug 2007 16:55:34 -0400 Art Protin <[EMAIL PROTECTED]> wrote: > >It may seem adequate, but it isn't. Table/column names from external > >sources have to deal with the exact same set of data injection issues > >that values from external sources do. > It is a mistake to say "the exact same

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Carl Karsten
Mike Meyer wrote: > On Sun, 12 Aug 2007 21:51:33 -0400 Carsten Haese <[EMAIL PROTECTED]> wrote: >> On Sun, 2007-08-12 at 18:12 -0400, Mike Meyer wrote: >>> You're right, in that the existing mechanisms *can* deal with the >>> issues. However, two of the points that come up over and over again >>>

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Mike Meyer
On Sun, 12 Aug 2007 21:51:33 -0400 Carsten Haese <[EMAIL PROTECTED]> wrote: > On Sun, 2007-08-12 at 18:12 -0400, Mike Meyer wrote: > > You're right, in that the existing mechanisms *can* deal with the > > issues. However, two of the points that come up over and over again > > here are "use paramete

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Art Protin
Dear folks, Mike Meyer wrote: On Sun, 12 Aug 2007 17:05:44 -0400 Carsten Haese <[EMAIL PROTECTED]> wrote: -1. The problem that your proposal is trying to solve doesn't exist. For supplying variable values, parameter binding as it is (with the addition of making qmark and named mandatory

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Paul Boddie
On Monday 13 August 2007 14:16, Carsten Haese wrote: > On Sun, 2007-08-12 at 20:34 +0200, Paul Boddie wrote: > > Meanwhile, we still need a better way of dealing with parameters. Having > > a database module tell me at runtime that its paramstyle is "xyz" is not > > particularly useful if I've alre

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Carsten Haese
On Sun, 2007-08-12 at 20:34 +0200, Paul Boddie wrote: > Meanwhile, we still need a better way of dealing with parameters. Having a > database module tell me at runtime that its paramstyle is "xyz" is not > particularly useful if I've already written my queries True. That's why we decided not too

Re: [DB-SIG] In praise of pyformat

2007-08-13 Thread Paul Boddie
On Sunday 12 August 2007 19:07, Mike Meyer wrote: > > How is "We only recognize parameter markers where we recognize > parameter markers" *not* circular? The SQL specifications dictate where parameter markers can be used. Please search for "SQL-92" and examine the specifications document for furt