Hi Daniel,

Do you mind describing "shared SQL"?

Thanks.

-----Original Message-----
From: Dittmar, Daniel [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2003 8:33 AM
To: 'Martin Cordova S.'; [EMAIL PROTECTED]
Subject: RE: SQL Injection risks...

[snip]

It is really better to use prepared statements.
- no special handling of quotes
- allows inserting newlines etc. into CHAR columns
- no restrictions when using Blobs/LONGs
- much better performance if the same statement can be used several times
- better performance with shared SQL (7.5)

If it is necessary to create a SQL statement with all the values, then single quotes have to be doubled to quote them, e.g.

    INSERT INTO testtable values ('That''s all')

Daniel Dittmar

--
Daniel Dittmar
SAP Labs Berlin
[EMAIL PROTECTED]

--
MaxDB Discussion Mailing List
For list archives: http://lists.mysql.com/maxdb
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
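The three ways of getting a value into that INSERT, worked through as an added example (this is not code from the thread or from MaxDB). Python's standard-library sqlite3 stands in for the MaxDB driver so it runs offline; the table `testtable`, the column name and the sample values are constructed for the example. The quote-doubling rule is the standard SQL one from the message above.

```python
"""Concatenated SQL vs. quote-doubling vs. a prepared (parameterized) statement.

sqlite3 is used as a stand-in for a real driver; everything below is
constructed for this example.
"""
import sqlite3


def fresh_db():
    """Constructed sample table with one existing row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE testtable (val TEXT)")
    conn.execute("INSERT INTO testtable VALUES ('apple')")
    conn.commit()
    return conn


def rows(conn):
    """All values in insertion order, for inspecting each outcome."""
    return [r[0] for r in conn.execute("SELECT val FROM testtable ORDER BY rowid")]


def insert_unsafe(conn, value):
    """Statement built by string concatenation: the pattern to avoid.
    executescript() accepts statement batches, like a driver that does
    not stop at the first ';', so a quote in `value` can terminate the
    literal and append further statements."""
    sql = "INSERT INTO testtable VALUES ('" + value + "')"
    conn.executescript(sql)


def insert_quoted(conn, value):
    """Hand-built statement with each single quote doubled, as the message
    describes. Correct for string literals, but it must be applied to
    every literal, every time."""
    escaped = value.replace("'", "''")
    conn.execute("INSERT INTO testtable VALUES ('" + escaped + "')")


def insert_prepared(conn, value):
    """Prepared statement: the value never enters the SQL text, so quotes,
    newlines and binary data need no special handling."""
    conn.execute("INSERT INTO testtable VALUES (?)", (value,))


PAYLOAD = "x'); DELETE FROM testtable; --"   # constructed injection string


def demo():
    """Runs each approach against the same inputs and returns what happened."""
    results = {}

    # 1. Concatenation with an apostrophe in the data: the statement breaks.
    conn = fresh_db()
    try:
        insert_unsafe(conn, "That's all")
        results["unsafe_apostrophe"] = "inserted"
    except sqlite3.OperationalError:
        results["unsafe_apostrophe"] = "syntax error"

    # 2. Concatenation with a crafted value: the appended DELETE runs.
    conn = fresh_db()
    insert_unsafe(conn, PAYLOAD)
    results["unsafe_injection_rows"] = rows(conn)

    # 3. Quote doubling: both values are stored literally, nothing executes.
    conn = fresh_db()
    insert_quoted(conn, "That's all")
    insert_quoted(conn, PAYLOAD)
    results["quoted_rows"] = rows(conn)

    # 4. Prepared statement: same result, and a newline passes through too.
    conn = fresh_db()
    for v in ["That's all", PAYLOAD, "line1\nline2"]:
        insert_prepared(conn, v)
    results["prepared_rows"] = rows(conn)

    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Quote doubling only protects values that sit inside a quoted string literal; a value pasted into a numeric position, or into a table or column name, is not covered by it, which is one more reason to prefer the parameter form.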
