On 8/13/07, Steve Ellenoff <[EMAIL PROTECTED]> wrote:
> I'm going to answer my own post here, since nobody else did! (Shame
> on you all!) <g>
>
> A new option value was added to the ODBC options flags (from version 3.51.18):
> 67108864 FLAG_MULTI_STATEMENTS

So, YOU installed a newer version of the MyODBC driver that included
a CHANGE to the way it worked (a security feature) and you want US to
apologize for not knowing what YOU installed?

Oh, I'm sorry. My bad ;)

http://dev.mysql.com/doc/refman/5.1/en/myodbc-news-3-51-18.html

"Connector/ODBC now supports batched statements. In order to enable
cached statement support you must switch enable the batched statement
option (FLAG_MULTI_STATEMENTS, 67108864, or Allow multiple statements
within a GUI configuration). Be aware that batched statements create
an increased chance of SQL injection attacks and you must ensure that
your application protects against this scenario. (Bug#7445)"

That's an interesting way to patch the potential of some classes of SQL
injection attacks, by rejecting multiple statements. I'd prefer a
transient setting, ("SET MULTISTATEMENT ON", then your statements,
"OFF"). But it makes sense that a lot of the more common apps should
be able to run with this off.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
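
An added example, not part of the original post: a small audit that decodes the OPTION bitmask in Connector/ODBC connection strings and reports which ones turn on FLAG_MULTI_STATEMENTS (67108864, the value from the release note). The function names, connection names, host and sample strings are constructed for illustration; it assumes the flags are passed through the `OPTION` connection-string keyword.

```python
import re

FLAG_MULTI_STATEMENTS = 67108864  # 1 << 26, value quoted in the release note

# KEY=value pairs; a value wrapped in {braces} may itself contain ';' or '='.
_PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)")


def parse_conn_string(conn):
    """Return the connection-string attributes as a dict with upper-cased keys."""
    return {m.group(1).upper(): m.group(2).strip() for m in _PAIR.finditer(conn)}


def option_value(conn):
    """Integer OPTION bitmask; 0 when the keyword is absent or empty."""
    raw = parse_conn_string(conn).get("OPTION") or "0"
    return int(raw)  # a non-numeric OPTION raises ValueError on purpose


def audit(named_conns):
    """List (name, current OPTION, OPTION with the multi-statement bit cleared)."""
    findings = []
    for name, conn in named_conns.items():
        opt = option_value(conn)
        if opt & FLAG_MULTI_STATEMENTS:
            findings.append((name, opt, opt & ~FLAG_MULTI_STATEMENTS))
    return findings


# Constructed sample input. The braced PWD value contains a decoy "OPTION=1"
# that a naive split on ';' would misread as the real setting.
SAMPLES = {
    "reports": "DRIVER={MySQL ODBC 3.51 Driver};SERVER=db.example.test;OPTION=3",
    "batch_import": "DRIVER={MySQL ODBC 3.51 Driver};SERVER=db.example.test;"
                    "OPTION=67108867;PWD={p;OPTION=1}",
    "legacy": "DRIVER={MySQL ODBC 3.51 Driver};SERVER=db.example.test",
}

if __name__ == "__main__":
    for name, current, cleared in audit(SAMPLES):
        print(f"{name}: OPTION={current} allows batched statements; "
              f"use OPTION={cleared} unless the app needs them")
```

Connections that show up in the report are the ones where the application's own query building (parameterized statements rather than string concatenation) is the only barrier against stacked statements.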

