At 4:54 PM -0400 4/28/10, David Stoltz wrote:
> My concern is passing SQL queries in this way is not best practice - am
> I wrong? Please let me know how you would react to this?
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
Third, never trust anything coming from client-side (i.e., POST, GET,
Now, they (the vendor) can throw all the layers of confusion/nonsense
(it's SSL, ASP.NET, or will happen later) on this as they want, but
the point remains this is permitting client-side access to a database
and that is NOT good.
http://sperling.com http://ancientstones.com http://earthstones.com
PHP General Mailing List (http://www.php.net/)
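The concern raised in this message, as an added example that is not part of the original e-mail or the vendor's code: a handler that executes SQL text taken from the request, next to one that keeps the SQL on the server and accepts only a query name plus validated, bound values. The `orders` table, the `QUERIES` map and both function names are hypothetical, and an array stands in for `$_POST`.

```php
<?php
// Added example; table, column, query and function names are hypothetical.
$pdo = new PDO('sqlite::memory:'); // constructed sample data (needs pdo_sqlite)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL)');
$pdo->exec('INSERT INTO orders (customer_id, total) VALUES (7, 19.95), (7, 5.00), (8, 120.00)');

// Risky pattern: the statement text itself arrives in the request,
// so whoever controls the request decides what the database runs.
function runClientSql(PDO $pdo, array $post): array
{
    return $pdo->query($post['sql'])->fetchAll(PDO::FETCH_ASSOC);
}

// Server-side alternative: the SQL lives here. The request only names a query
// and supplies values, which are validated and then bound as parameters.
const QUERIES = [
    'orders_for_customer' => [
        'sql'        => 'SELECT id, total FROM orders WHERE customer_id = :customer_id',
        'int_params' => ['customer_id'],
    ],
];

function runNamedQuery(PDO $pdo, array $post): array
{
    $name = $post['query'] ?? '';
    if (!is_string($name) || !isset(QUERIES[$name])) {
        throw new InvalidArgumentException('unknown query');
    }
    $stmt = $pdo->prepare(QUERIES[$name]['sql']);
    foreach (QUERIES[$name]['int_params'] as $param) {
        $value = filter_var($post[$param] ?? null, FILTER_VALIDATE_INT);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for $param");
        }
        $stmt->bindValue(":$param", $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests standing in for $_POST.
print_r(runNamedQuery($pdo, ['query' => 'orders_for_customer', 'customer_id' => '7']));
// The same database through the risky handler: the request asks for every row and gets it.
print_r(runClientSql($pdo, ['sql' => 'SELECT * FROM orders']));
try {
    runNamedQuery($pdo, ['query' => 'SELECT * FROM orders']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```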