On Tue, 2008-05-06 at 23:56, William A. Rowe, Jr. wrote:
> Or more specifically, could you elaborate on the dbd changes within
> apr 1.3.x that need additional review? Why is this driver not
> correctly dodged?
>
> Bill

If the docs are not clear to you, I think that demonstrates the need for further review. What is unclear about "The underlying library doesn't support prepared statements, so the driver emulates them, and the untrusted input is merged into the SQL statement."?

--
Nick Kew