Ethan Rosenberg wrote:
I'm probably wrong, but in some contexts, e.g. an SQL query, $ signs are not used.
I tried and added the incorrect $ sign, and NetBeans did not complain. If
anyone knows of an editor that will be able to spot this kind of error, please
inform the list.


You do need to take a little more care when using variables IN strings and watch that they are highlighted. As you say, the parsing is not actually wrong as it is valid 'text' and adding SQL parsers for every database is not really practical and probably would not fix the problem anyway? Personally I use Firebird, and have always built the SQL using parameters, so that the SQL is pure text, and values are passed in an array. This is something MySQL was a lot later in catching onto, but many of the simple security problems are totally eliminated using that approach.

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
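A worked PHP example of the two points in this thread (the silent missing-$ typo, and passing values as parameters so the SQL stays pure text). This is added code, not from Lester's post; it assumes PDO with the SQLite driver so it runs stand-alone, and the same PDO calls work against MySQL or Firebird.

```php
<?php
// Added example, not from the list post. Uses PDO with an in-memory SQLite
// database (assumed available); table and rows are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

$name = 'alice';

// 1. The typo from the thread: $ forgotten inside a double-quoted string.
//    PHP sees valid text and the SQL is valid too, so nothing complains;
//    the query just compares against the literal word 'name' and finds nothing.
$typo = $db->query("SELECT id FROM users WHERE name = 'name'")->fetchAll();
echo "typo query rows: " . count($typo) . "\n";          // 0, silently

// 2. Interpolating the variable directly. Fine for 'alice', but the value
//    becomes part of the SQL text, so a name containing a quote breaks it.
$rows = $db->query("SELECT id FROM users WHERE name = '$name'")->fetchAll();
echo "interpolated rows: " . count($rows) . "\n";        // 1
try {
    $db->query("SELECT id FROM users WHERE name = 'O'Brien'");
} catch (PDOException $e) {
    echo "interpolating O'Brien breaks the SQL: " . $e->getMessage() . "\n";
}

// 3. Parameterised form: SQL is pure text, values travel in an array.
//    Quotes in the value are data, never SQL. In PHP 8 a forgotten $ in the
//    values array is an undefined-constant Error, not a silent empty result.
$stmt = $db->prepare("SELECT id FROM users WHERE name = ?");
foreach (['alice', "O'Brien"] as $n) {
    $stmt->execute([$n]);
    echo "param query for $n: " . count($stmt->fetchAll()) . " row(s)\n"; // 1 each
}
```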

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
