On Thu, 9 Jul 2009, Raymond Wan wrote:

>> I'm almost as new to SQL as I am to Mason! If you could explain the
>> significance of this difference to me, or at least point me to some
>> explanation, I will bring the code up to par...
>
> hhaamu's point is correct, of course.
>
> But another option is to check user input right when it comes in and then
> after that, when you can be sure nothing funny can creep in, you can be a
> bit sloppy with the checking. Of course, in this case, being sloppy isn't
> going to hurt the server's execution time -- so this point is perhaps
> irrelevant in this case.
>
> ...and better safe than sorry.
No, there is only one option, and that is to use bound variables. Anything
else is asking for trouble. This is a well-known security problem with a
well-known fix. No need to get fancy.

-dave

/*============================================================
http://VegGuide.org               http://blog.urth.org
Your guide to all that's veg      House Absolute(ly Pointless)
============================================================*/

_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
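The difference Dave is pointing at, as an added example that is not part of the thread: the same DBI lookup written with the value interpolated into the SQL text and written with a placeholder plus a bind variable. It assumes DBD::SQLite is installed; the in-memory table and its rows are constructed for the example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (assumes DBD::SQLite).
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$dbh->do(q{INSERT INTO users (name, email) VALUES ('alice',   'alice@example.com')});
$dbh->do(q{INSERT INTO users (name, email) VALUES ('O''Brien', 'ob@example.com')});

# Sloppy: the user-supplied value becomes part of the SQL text, so its quoting
# is now part of the query grammar. Any quote character in the input changes
# the structure of the statement instead of being treated as data.
sub lookup_interpolated {
    my ( $dbh, $name ) = @_;
    my $sql = "SELECT email FROM users WHERE name = '$name'";
    return $dbh->selectcol_arrayref($sql);
}

# Correct: the statement is prepared with a '?' placeholder before the value
# is ever seen, and the value travels separately as a bind variable. The
# driver can therefore only ever treat it as a value, never as SQL.
sub lookup_bound {
    my ( $dbh, $name ) = @_;
    my $sql = 'SELECT email FROM users WHERE name = ?';
    return $dbh->selectcol_arrayref( $sql, {}, $name );
}

# A plain name works either way; a name containing an apostrophe shows the
# interpolated version breaking on legitimate data (the same mechanism that
# lets crafted input rewrite the WHERE clause), while the bound version
# simply matches the literal string.
for my $name ( 'alice', q{O'Brien} ) {
    my $bound = lookup_bound( $dbh, $name );
    print "bound        [$name]: @$bound\n";

    my $rows = eval { lookup_interpolated( $dbh, $name ) };
    print "interpolated [$name]: ", ( $@ ? "ERROR $@" : "@$rows\n" );
}
```

In Mason components the same rule applies to every `$dbh->prepare`, `do` and `select*` call: the SQL string contains only placeholders, and request arguments are passed as bind values.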