On Thu, Feb 16, 2012, at 11:37 AM, Grigore Dolghin wrote:
> "bending design to use sqlparameters" should be read as "doing
> it right in the first place".

It has to be said, the use of parameters is pretty well accepted as best
practice as far as I know, and I also agree with not re-inventing the
wheel to sanitise input yourself when you could let the DB backend do
it, and take advantage of all the expertise and design that went into
it.
-- 
  Alan Bourke
  alanpbourke (at) fastmail (dot) fm

