Torque 3.3 escapes Strings in Queries(see method
org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
SQL injection should not be a problem.
The current Torque 4 trunk uses Prepared statements throughout, which is
probably even better.

     Thomas

Adrian Paleacu <[email protected]> schrieb am 05.08.2011 16:14:10:

> Von:
>
> Adrian Paleacu <[email protected]>
>
> An:
>
> [email protected]
>
> Datum:
>
> 05.08.2011 16:14
>
> Betreff:
>
> Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe is torque on sql injection attacks, I dind't fine
any
> official page on that.
>
>
> Regards,
>
> Adrian


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to