At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?

David :

First, you are not wrong.

Second, that's exactly the type of security risk you want to protect yourself from.

Third, never trust anything coming from client-side (i.e., POST, GET, or COOKIE).

Now, they (the vendor) can throw all the layers of confusion/nonsense (it's SSL, APS.NET, or will happen later) on this as they want, but the point remains this is permitting client-side access to a database and that is NOT good.

Cheers,

tedd

--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to