On Thu, Jun 21, 2012 at 1:43 PM, Lee Peedin <[email protected]> wrote:
> Converting a .nil to NULL would/should be the responsibility of the
> implementer.
>
Hi Lee,
Not sure who you mean by the implementer here. The implementer of the
.ooSQLite package, or the implementer of the program that uses the
.ooSQLite package?
> And the best place to do that would be in a sanitize routine that all
> column values should be sent to prior to an insertion/update. That is if
> you want to bypass the possibility of SQL injection.
>
SQL injection is only a problem if you are using data coming from an
untrusted source. So far what we are talking about is data coming from the
programmer himself. So it is not untrusted.
In addition, what we are talking about is a single string; there are no
separate arguments for column values.
I think the place for a sanitizer routine is in the application that uses
.ooSQLite.
--
Mark Miesfeld
_______________________________________________
Oorexx-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
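
An added illustration (not part of either poster's message, and not ooSQLite code) of the application-side sanitize routine discussed in this thread, for the case where the statement is built as a single string. Python's `sqlite3` stands in for ooSQLite and `None` for `.nil`; `sql_literal`, `build_insert` and the `contacts` table are hypothetical names, and the rows are constructed sample data.

```python
import math
import sqlite3

def sql_literal(value):
    """Render one column value as a SQLite literal for a single-string statement."""
    if value is None:                       # stand-in for ooRexx .nil
        return "NULL"
    if isinstance(value, bool):             # check before int: bool is an int subclass
        return "1" if value else "0"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, float):
        if not math.isfinite(value):        # 'inf'/'nan' are not SQL literals
            raise ValueError("non-finite number")
        return repr(value)
    if isinstance(value, bytes):
        return "X'" + value.hex() + "'"     # blob literal
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL byte in text value")
        # Doubling the single quote is the only escape inside a SQLite string literal.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported column type: " + type(value).__name__)

def build_insert(values):
    """Build the whole INSERT as one string; table and column names are fixed here."""
    rendered = ", ".join(sql_literal(v) for v in values)
    return "INSERT INTO contacts (name, note, age) VALUES (" + rendered + ");"

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, note TEXT, age INTEGER)")
    rows = [                                # constructed sample rows
        ("Alice", None, 40),
        ("O'Brien", "x'); DROP TABLE contacts; --", None),
    ]
    for row in rows:
        db.execute(build_insert(row))
    stored = db.execute(
        "SELECT name, note, age FROM contacts ORDER BY rowid").fetchall()
    db.close()
    return stored

if __name__ == "__main__":
    for row in demo():
        print(row)
```
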