Svein Ove Aas wrote:
> On Sat, Oct 11, 2008 at 9:30 PM, Iain Barnett <[EMAIL PROTECTED]> wrote:
>> Personally, I use stored procedures with a database as they protect from SQL
>> injection attacks (unless you write some really stupid procedures).
>
> Isn't this what parametrized queries are for?

Yes. (And it also improves DB performance since it doesn't have to continually reparse the query and rebuild the query plan.)

Now consider dynamically constructing HTML and avoiding HTML injection attacks. There isn't an easy machine fix for that one.
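To make the two points above concrete, here is an added example (not from the thread or from any poster): a string-spliced query beside its parameterized form against a constructed in-memory SQLite table, plus a hand-escaped HTML text node, which is the kind of per-context work no single machine fix does for you.

```python
import html
import sqlite3


def make_db():
    # Constructed sample data for the example (assumption: not from the thread).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable form: the input is spliced into the SQL text, so a quote
    # inside `name` changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # Hardened form: the statement is parsed once with a placeholder and
    # `name` is bound as a value; it can never become SQL syntax.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def render_greeting(name):
    # HTML text-node context: escape for this one context explicitly. An
    # attribute, URL or script context would each need a different escape,
    # which is why there is no single "bind parameter" equivalent for HTML.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"
    print(lookup_concatenated(conn, hostile))   # every row comes back
    print(lookup_parameterized(conn, hostile))  # [] : input treated as data
    print(render_greeting("<b>alice</b>"))
```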

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe