On 1 September 2010 13:47, silky <[email protected]> wrote:
> It's hard to blame the programmers totally for this, as it's almost
> always a business issue that has led to the poor implementation
> (security not being a priority).

I don't know that it is fair to say it is 'almost always a business issue'. I don't think it really takes much more time to write a parameterised stored procedure that does not execute SQL versus sticking strings together in a haphazard/dodgy fashion. Developers should step up and take responsibility and pride in the quality of the work they produce IMNSHO.

[ ... ]

--
*David Connors* | [email protected] | www.codify.com
Software Engineer
Codify Pty Ltd
Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363
V-Card: https://www.codify.com/cards/davidconnors
Address Info: https://www.codify.com/contact
