Hi Thomas,

Torque 3.2 also implements SqlExpression.quoteAndEscapeText.

Regards,
Adrian

On Fri, Aug 5, 2011 at 5:22 PM, Thomas Fox <thomas....@seitenbau.net> wrote:

> Torque 3.3 escapes Strings in Queries (see method
> org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
> SQL injection should not be a problem.
> The current Torque 4 trunk uses Prepared statements throughout, which is
> probably even better.
>
> Thomas
>
> Adrian Paleacu <adrian.pale...@gmail.com> wrote on 05.08.2011 16:14:10:
>
> > From: Adrian Paleacu <adrian.pale...@gmail.com>
> > To: torque-user@db.apache.org
> > Date: 05.08.2011 16:14
> > Subject: Torque and SQL Injection
> >
> > Hi everyone,
> >
> > I'm wondering how safe is torque on sql injection attacks, I didn't find any
> > official page on that.
> >
> > Regards,
> >
> > Adrian
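
Added example, not part of the thread and not Torque's code: the two approaches described in the reply above, escaping a string into the SQL text versus binding it as a prepared-statement parameter, run against an in-memory SQLite database. The `quote_and_escape_text` helper, the `author` table and the sample values are constructed for illustration, and the `backslash_is_escape` switch is an assumption standing in for differences between database dialects.

```python
import sqlite3

def quote_and_escape_text(raw, backslash_is_escape=False):
    """Hypothetical escaper (not Torque's code): render raw as a SQL string literal.

    Single quotes are doubled. Dialects that treat backslash as an escape
    character also need backslashes doubled; SQLite does not.
    """
    out = []
    for ch in raw:
        if ch == "'":
            out.append("''")
        elif ch == "\\" and backslash_is_escape:
            out.append("\\\\")
        else:
            out.append(ch)
    return "'" + "".join(out) + "'"

def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO author (name) VALUES (?)",
                     [("O'Brien",), ("Smith",), ("back\\slash",)])
    return conn

def find_escaped(conn, name):
    # The value becomes part of the SQL text, so the escaper must be correct.
    sql = "SELECT name FROM author WHERE name = " + quote_and_escape_text(name)
    return sql, [row[0] for row in conn.execute(sql)]

def find_prepared(conn, name):
    # The SQL text is constant; the value travels separately as a bound parameter.
    sql = "SELECT name FROM author WHERE name = ?"
    return sql, [row[0] for row in conn.execute(sql, (name,))]

# Constructed inputs: an apostrophe, a backslash, and quotes mixed with SQL keywords.
SAMPLES = ["O'Brien", "back\\slash", "Smith' OR '1'='1"]

if __name__ == "__main__":
    conn = make_db()
    for value in SAMPLES:
        print(find_escaped(conn, value))
        print(find_prepared(conn, value))
```

With escaping, correctness depends on the escaper matching the database's literal syntax at every call site. With binding, the value never enters the SQL text at all.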