From: pDale <[email protected]> > - using a PL/SQL routine as Scott suggests seems to me the best > > solution, though dynamic SQL might also become a tuning nightmare > > > If he can't build the SELECT in Perl, he shouldn't be allowed to do it in > PL/SQL, either, right? Can PL/SQL detect SQL injection attacks better than > Perl code?
No. But the checks in place are used no matter the client that connects to the database and are reviewed by the DBAs. And you can generaly expect more experience from the DBAs than from any random Joe coder. Generaly. Jenda ===== [email protected] === http://Jenda.Krynicky.cz ===== When it comes to wine, women and song, wizards are allowed to get drunk and croon as much as they like. -- Terry Pratchett in Sourcery
