On Mon, Jul 12, 2010 at 09:45:20AM -0400, Sam Carleton scratched on the wall:
> Michael,
>
> Actually I am building the string myself and it is very controlled, the Id's
> are coming from an internal source, but it violates my general rule of never
> building query strings. Of course there are al
Michael,
Actually I am building the string myself and it is very controlled, the Id's
are coming from an internal source, but it violates my general rule of never
building query strings. Of course there are always exceptions to the rule
and it looks like this is one of those exceptions.
Thank yo
Is there any reason why you need to bind it?
Can't you just build the SQL string yourself? As long as your IN parameters
are well-controlled I don't think it should be a security risk. Plus you can
check for more than one "(" after you build the string.
#include
#include
int countparens(ch