On Apr 28, 2010, at 9:41 AM, Stephen Russell wrote:
> Dynamic SQL is very unsafe from an injection POV. But you knew that.
That is so not true. Dumb programmers are unsafe, and anyone who would
accept unescaped outside text and execute it, whether in SQL or not, is dumb.
There are safe ways to create dynamic SQL, just as there are safe ways
to create dynamic HTML. It is silly and somewhat irresponsible to claim
anything like "Dynamic SQL is unsafe".
-- Ed Leafe
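
One way to build dynamic SQL without accepting unescaped outside text, as an added example that is not part of the original post: values are always bound as parameters, and the parts that cannot be bound (column names, operators, sort direction) are checked against an allowlist. The `customers` table, its columns and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed schema. Identifiers cannot be bound as parameters, so they are
# checked against an allowlist; values always go through "?" placeholders.
ALLOWED_COLUMNS = {"name", "city", "balance"}
ALLOWED_OPS = {"=", "<", ">", "<=", ">=", "LIKE"}


def build_query(filters, order_by=None, descending=False):
    """Return (sql, params) for a dynamic WHERE / ORDER BY over customers."""
    clauses, params = [], []
    for column, op, value in filters:
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {column!r}")
        if op not in ALLOWED_OPS:
            raise ValueError(f"operator not allowed: {op!r}")
        clauses.append(f'"{column}" {op} ?')  # outside text never enters the SQL string
        params.append(value)
    sql = "SELECT name, city, balance FROM customers"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    if order_by is not None:
        if order_by not in ALLOWED_COLUMNS:
            raise ValueError(f"sort column not allowed: {order_by!r}")
        sql += f' ORDER BY "{order_by}"' + (" DESC" if descending else " ASC")
    return sql, params


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, city TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("Alice", "Austin", 120.0), ("Bob", "Boston", 40.0), ("Carol", "Austin", 75.5)],
    )
    return conn


def search(conn, filters, order_by=None, descending=False):
    sql, params = build_query(filters, order_by, descending)
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(search(db, [("city", "=", "Austin")], order_by="balance", descending=True))
    # A quote-laden value is treated as plain data and simply matches nothing.
    print(search(db, [("name", "=", "x' OR '1'='1")]))
```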