On Sunday 25 June 2006 at 10:59 -0600, Tony Lambregts wrote:
[...]
> I am more in favor of this approach than using makeSafe() and do the same
> thing as Chris's query_parameters() patch. However I am hard pressed to say
> whether this method is really better or safer than query_parameters().
> 
> I have had real issues with makeSafe(); the primary one is that IMO the
> place to make sure that we are safe from SQL injection is where we create
> the SQL. The makeSafe() did not do that.
> 
> The changes to that are only cosmetic and make it harder to see the actual
> changes. Formatting changes should be in a separate patch.
> 
> Also I would really appreciate a "Files Changed:" section that lists the
> files changed/added/removed by this patch. I find that it really helps in
> reviewing patches.
> 
> Please resubmit with the formatting changes in a separate patch.

Thanks for your comments.

I was aware that my changes weren't really atomic but I sent the patch
to get some comments.

If everyone agrees with the approach I'll make separate patches
tomorrow.

Thanks
