On Saturday, 21 December 2013 at 01:03:32 UTC, H. S. Teoh wrote:
Well, in that case it's not *as* bad of an idea. :P But still,
you want
to be careful any time arbitrary, unfiltered user input is
involved,
especially when said user input is code (the executable may not
be run,
but remember that D code has CTFE).
Yeah. When I started using the "ddb" library for this venture
textual query parameters were unimplemented. I declined to use
the suggested workaround of query string concatenation; now *that*
would be really dangerous :-) Once again, thanks for Adam Ruppe
for making those work.
