Perhaps the adapters that take raw string queries can be "sanitized" with class internal methods
On 26 ene, 18:34, pbreit <pbreitenb...@gmail.com> wrote: > Fixed, thank you. > > So do you think that functionality will remain? It definitely comes in > handy where DAL doesn't support a query type or even if someone just wants > to use some SQL but get the rest of the DAL functionality. Certainly there > are security ramifications if you are accepting user generated queries. And > now that I think about it, there are security issues with my implementation > since I am taking a search parameter.
