On Fri, Oct 21, 2011 at 10:47 PM, Alan Malloy <a...@malloys.org> wrote:
> Can't repeat this strongly enough. Do not, ever, decide you can escape/
> sanitize the strings yourself so you don't need a parameterized query.
> Maybe it works, but one of these days you'll slip up and get something
> wrong. Just prepare a statement with the right number of ?s in it, and
> then ask the SQL driver/server to fill in the blanks. They'll never
> get it wrong, and it will be more efficient to boot if you can reuse a
> parameterized query later.
Which is exactly what I said, yes? (just checking we're on the same page here)

--
Sean A Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/
World Singles, LLC. -- http://worldsingles.com/
Railo Technologies, Inc. -- http://www.getrailo.com/

"Perfection is the enemy of the good."
-- Gustave Flaubert, French realist novelist (1821-1880)
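Added example, not part of the thread and not code from either poster: the "you'll slip up" failure mode above, shown end to end. It uses Python's sqlite3 module with an in-memory database and constructed sample rows rather than Clojure/JDBC, because it runs stand-alone; the `?` placeholder convention is the same one JDBC drivers use. A hand-rolled quote-doubling "sanitizer" defeats the classic `' OR '1'='1` payload in a quoted string context, then fails silently the moment the same value is spliced into an unquoted numeric position. The bound-parameter versions are immune in both contexts because the driver never parses the value as SQL. All table, column and function names are illustrative.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the thread): two users with secrets."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """VULNERABLE: attacker-controlled text is pasted straight into the SQL."""
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def escape_quotes(value):
    """Hand-rolled sanitizer: doubles single quotes, nothing else.

    This is exactly the kind of helper that appears to work, because it
    does neutralise the payload in a quoted-string context.
    """
    return str(value).replace("'", "''")


def lookup_escaped(conn, name):
    """Still string-built, but with the sanitizer applied to a quoted value."""
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % escape_quotes(name)
    return conn.execute(sql).fetchall()


def lookup_by_id_escaped(conn, user_id):
    """The slip: same sanitizer, but the value lands in an unquoted numeric
    position, so doubling quotes changes nothing and the injection succeeds."""
    sql = "SELECT name, secret FROM users WHERE id = %s" % escape_quotes(user_id)
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Parameterized: the driver binds the value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_by_id_param(conn, user_id):
    """Parameterized numeric lookup; a payload like '1 OR 1=1' is just a
    string that matches no integer id."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    quoted_payload = "x' OR '1'='1"
    numeric_payload = "1 OR 1=1"
    print("concat, quoted payload:   ", lookup_concat(db, quoted_payload))
    print("escaped, quoted payload:  ", lookup_escaped(db, quoted_payload))
    print("escaped, numeric payload: ", lookup_by_id_escaped(db, numeric_payload))
    print("param, quoted payload:    ", lookup_param(db, quoted_payload))
    print("param, numeric payload:   ", lookup_by_id_param(db, numeric_payload))
```

Running it shows the two string-built numeric/quoted paths dumping every row for the respective payloads while both `?`-bound versions return nothing; the escaped quoted lookup also returns nothing, which is precisely why a sanitizer that passed a few tests gets trusted and then reused somewhere it does not apply.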