Hi Folks
> I usually use placeholders in DBI. Is this enough for avoiding SQL
> injections?
Keywords: Inject, SQL, Oracle
http://online.securityfocus.com/infocus/1644
http://www.nextgenss.com/papers.html
http://www.ngssoftware.com/research/papers.html
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf
http://www.esecurityplanet.com/trends/article.php/2243461
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.webcohort.com/Blindfolded_SQL_Injection.pdf
--
Ron Savage
http://savage.net.au/index.html