Torque 3.3 escapes Strings in Queries(see method
org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
SQL injection should not be a problem.
The current Torque 4 trunk uses Prepared statements throughout, which is
probably even better.
Thomas
Adrian Paleacu <[email protected]> schrieb am 05.08.2011 16:14:10:
> Von:
>
> Adrian Paleacu <[email protected]>
>
> An:
>
> [email protected]
>
> Datum:
>
> 05.08.2011 16:14
>
> Betreff:
>
> Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe is torque on sql injection attacks, I dind't fine
any
> official page on that.
>
>
> Regards,
>
> Adrian
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]