>http://www.yacoset.com/Home/signs-that-you-re-a-bad-programmer/
From the above: "5. Constructing SQL queries by string concatenation with **unvalidated** or unescaped input " (emphasis added) Thus a cite from authority that there is nothing wrong with creating queries by string concatenation as long as you validate the input first. Heheheheheh... Ken Dibble www.stic-cil.org _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
