Stefan Esser wrote:
Hello Lukas,
Maybe I am missing something. If you are talking about dynamic query
generation in stored routines, then I would think that people who read
the advice over dynamic query generation for PHP, that they would
hopefully also apply those practices to when they are writing/using
stored routines. Also DBAs in general are not all that fond of
dynamic query generation in stored routines.

Well in a team it is quite likely that people writing PHP applications
are not those writing Stored Procedures for the SQL Databases. At least
all big projects I have seen have their own team for complicated SQL
Queries. Additionally your statement assumes that people are reading
documentation ;)

Well if the people on your team writing the stored procedures do not
know about how to protect against SQL injection how is that a PHP issue?
It's a common issue that all types of programmers have to learn. The
key lesson here is that again you need to remember that switching
context means that you need to take care about the security implications
of this and it's best if both sides are aware of this and alert each other
of potential issues.
regards,
Lukas
--
PHP Internals - PHP Runtime Development Mailing List
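
The context switch discussed in this thread, as an added example that is not part of the original messages: a PHP caller can bind its argument correctly and still reach an injectable query if the stored routine rebuilds SQL by concatenation. MySQL syntax is assumed, and the table and procedure names are hypothetical.

```sql
-- Added example (MySQL). Hypothetical schema and routine names.
-- In every case the PHP side is assumed to bind its argument, e.g.
--   CALL find_user_unsafe(?)
-- so any injection arises inside the routine, not in the PHP code.
CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64), email VARCHAR(128));

DELIMITER //

-- Before: the parameter is spliced into the statement text, so its
-- content is parsed as SQL when the dynamic statement is prepared.
CREATE PROCEDURE find_user_unsafe(IN p_name VARCHAR(64))
BEGIN
  SET @sql = CONCAT('SELECT id, email FROM users WHERE name = ''', p_name, '''');
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//

-- After: the statement text is constant and the value travels as data.
CREATE PROCEDURE find_user_safe(IN p_name VARCHAR(64))
BEGIN
  SET @name = p_name;
  PREPARE stmt FROM 'SELECT id, email FROM users WHERE name = ?';
  EXECUTE stmt USING @name;
  DEALLOCATE PREPARE stmt;
END//

-- Identifiers (such as a sort column) cannot be bound with '?'.
-- Map the input to a literal chosen by the routine and reject the rest,
-- so the concatenated text never contains caller-supplied characters.
CREATE PROCEDURE list_users_sorted(IN p_col VARCHAR(16))
BEGIN
  DECLARE v_col VARCHAR(16);
  SET v_col = CASE p_col
                WHEN 'id'    THEN 'id'
                WHEN 'name'  THEN 'name'
                WHEN 'email' THEN 'email'
              END;
  IF v_col IS NULL THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'invalid sort column';
  END IF;
  SET @sql = CONCAT('SELECT id, name, email FROM users ORDER BY ', v_col);
  PREPARE stmt FROM @sql;
  EXECUTE stmt;
  DEALLOCATE PREPARE stmt;
END//

DELIMITER ;
```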