Ethan Rosenberg wrote:
> I'm probably wrong, but in some contexts, e.g. an SQL query, $ signs are not used.
> I tried and added the incorrect $ sign, and NetBeans did not complain. If
> anyone knows of an editor that will be able to spot this kind of error, please
> inform the list.

You do need to take a little more care when using variables IN strings and watch
that they are highlighted. As you say, the parsing is not actually wrong as it
is valid 'text' and adding SQL parsers for every database is not really
practical and probably would not fix the problem anyway? Personally I use
Firebird, and have always built the SQL using parameters, so that the SQL is
pure text, and values are passed in an array. This is something MySQL was a lot
later in catching onto, but many of the simple security problems are totally
eliminated using that approach.
Lester Caine - G8HFL
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
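
The parameter approach described in the reply above, as an added example that is not part of the original post: the SQL stays a fixed single-quoted string with no PHP variables in it, and the values travel separately in an array. It assumes PDO with an in-memory SQLite database (chosen only so the script is self-contained; the reply's author uses Firebird), and the table, column and sample rows are constructed for illustration.

```php
<?php
// Added example; table, column names and sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, surname TEXT)');
$db->exec("INSERT INTO patients (surname) VALUES ('Smith'), ('O''Brien'), ('Jones')");

// Interpolated: PHP expands $surname inside the double-quoted string, so the
// value becomes part of the SQL text that the database parses.
function findInterpolated(PDO $db, string $surname)
{
    try {
        $sql = "SELECT surname FROM patients WHERE surname = '$surname'";
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Parameterised: the SQL is pure text with a ? placeholder and the value is
// passed in an array, so it is only ever compared as data, never parsed.
function findParameterised(PDO $db, string $surname): array
{
    $stmt = $db->prepare('SELECT surname FROM patients WHERE surname = ?');
    $stmt->execute([$surname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain value, a value containing a quote, and a value
// containing SQL syntax.
$inputs = ["Smith", "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $in) {
    echo "input: $in\n";
    echo '  interpolated:  ' . json_encode(findInterpolated($db, $in)) . "\n";
    echo '  parameterised: ' . json_encode(findParameterised($db, $in)) . "\n";
}
```

Run with the PHP CLI and compare the two result lines per input: the interpolated query either fails to parse or matches rows it should not, while the parameterised one returns only exact matches.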