On Tue, Apr 25, 2006 at 04:24:04PM +0200, Grzesiek Slusarek wrote:
> Hi all. In my apps I'm using select with clause="my_column like
> ('%s%')" %(myvariable). I'm wondering whether SqlObject can escape
> values that I put in select (to prevent e.g. SqlInjection).
No, SQLObject doesn't do such protection.
Oleg.
--
Oleg Broytmann http://phd.pp.ru/ [EMAIL PROTECTED]
Programmers don't die, they just GOSUB without RETURN.
_______________________________________________
sqlobject-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/sqlobject-discuss
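
An added example, not part of the original thread: it contrasts the string-formatted LIKE clause from the question with a bound parameter, using the standard-library sqlite3 driver directly rather than SQLObject. The `items` table, the `owner` column, the sample rows and the function names are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (my_column TEXT, owner TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [
        ("apple", "alice"), ("apricot", "alice"),
        ("50%_off", "alice"), ("secret", "bob")])
    return db

def search_formatted(db, myvariable):
    # Pattern from the question: the value becomes part of the SQL text,
    # so a quote inside it ends the string literal and the rest is parsed as SQL.
    clause = "my_column like ('%s%%')" % (myvariable,)
    sql = ("SELECT my_column FROM items WHERE owner = 'alice' AND "
           + clause + " ORDER BY my_column")
    return [row[0] for row in db.execute(sql)]

def like_escape(value, esc="\\"):
    # Make the escape character, % and _ literal inside a LIKE pattern.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_bound(db, myvariable):
    # The value travels as a bound parameter and is never parsed as SQL;
    # only the trailing % added here acts as a wildcard.
    pattern = like_escape(myvariable) + "%"
    sql = ("SELECT my_column FROM items WHERE owner = 'alice' "
           "AND my_column LIKE ? ESCAPE '\\' ORDER BY my_column")
    return [row[0] for row in db.execute(sql, (pattern,))]

def formatted_raises(db, myvariable):
    # An ordinary apostrophe is enough to break the formatted query.
    try:
        search_formatted(db, myvariable)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    crafted = "x') OR ('a' LIKE 'a"   # constructed input containing quotes
    print(search_formatted(db, crafted))  # owner filter no longer applies
    print(search_bound(db, crafted))      # treated as a literal prefix
    print(formatted_raises(db, "O'Brien"))
```
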