At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?

David:

First, you are not wrong.

Second, that's exactly the type of security risk you want to protect yourself from.

Third, never trust anything coming from the client side (i.e., POST, GET, or COOKIE).

Now, they (the vendor) can throw all the layers of confusion/nonsense (it's SSL, ASP.NET, or will happen later) on this that they want, but the point remains this is permitting client-side access to a database and that is NOT good.
