> Unbelievable. There are TONS of books saying "sanitize your input strings"
> and "use parameters for sql queries" and you're giving me this shit. WTF.
Isn't that what I've been saying? My question is, how could anybody have ever done anything different? Why would anybody ever design a user interface that lets somebody type in: SELECT mynastycode ....

I'm not saying there couldn't be damage done if somebody designed a stupid interface. I'm saying, if I--who am no expert--never even came close to designing an interface that would permit such things, just by trying to follow common sense, then how is it possible that big-time "expert" developers have done it and caused damage?

Ken
www.stic-cil.org

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
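The exchange above turns on a misunderstanding that an added example (not part of the list thread, and not Ken's or the list's code) makes concrete: no interface has to "let somebody type in SELECT". An ordinary name box is enough when the application builds its SQL by string concatenation, because the quote character in the typed text ends the string literal and the rest of the input becomes part of the query. The same input handed to a parameterized query stays data. The table, the rows and the two inputs are constructed here for the demonstration; the database is an in-memory SQLite instance, not anything from the thread.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small customers table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO customers (name, balance) VALUES (?, ?)",
        [("Alice", 100.0), ("Bob", 250.0), ("Carol", 75.0)],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, name):
    """The 'stupid interface' is just a text box: the typed text is pasted
    straight into the SQL string, so quotes in it rewrite the WHERE clause."""
    sql = "SELECT name, balance FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Same text box, but the value travels as a bound parameter; the driver
    never lets it change the shape of the statement."""
    sql = "SELECT name, balance FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def concatenation_breaks_on(conn, name):
    """Returns True if merely honest input (a surname with an apostrophe)
    makes the concatenated version fail with a syntax error."""
    try:
        lookup_concatenated(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


def demo():
    conn = make_db()
    ordinary = "Alice"                 # what the form designer expected
    hostile = "x' OR '1'='1"           # constructed: closes the literal, adds a tautology
    honest_but_awkward = "O'Brien"     # a real-looking name that also contains a quote
    return {
        "concat_ordinary": lookup_concatenated(conn, ordinary),
        "concat_hostile": lookup_concatenated(conn, hostile),   # every row leaks
        "param_ordinary": lookup_parameterized(conn, ordinary),
        "param_hostile": lookup_parameterized(conn, hostile),   # no such customer
        "concat_fails_on_apostrophe": concatenation_breaks_on(conn, honest_but_awkward),
        "param_handles_apostrophe": lookup_parameterized(conn, honest_but_awkward),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for the thread: the developer who "never came close" to exposing SQL probably did expose it, if any screen field was ever glued into a query string. The apostrophe case is the easy way to spot this in an existing application: a name like O'Brien crashing a search screen is the same defect as the hostile input, seen from the other side.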

