On Fri, 26 Sep 2008 14:04:35 -0500
"Michael Mabin" <[EMAIL PROTECTED]> wrote:
> Doesn't it depend on where and why you intend to execute the code?
> Obviously some SQL is more at risk for exploit when the input is from the
> screen on a web page than if you were running parameterized code in a
> controlled batch environment. Or if you were writing code generators (which
> is what I happen to do) which won't be run by the general public.
>
> Incidentally, couldn't input field edits prevent such exploits prior to
> interpolation?

I encourage my competitors to program that way.

-- 
D'Arcy J.M. Cain <[EMAIL PROTECTED]>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.
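
Added example, not part of the original thread: a comparison of "input field edit, then interpolate" with parameter binding, using Python's sqlite3 module. The users table, the field_edit rule and all sample values are constructed for this illustration.

```python
import re
import sqlite3

# Constructed value that changes the query's meaning if it is pasted into SQL text.
HOSTILE = "x' OR '1'='1"

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("O'Brien", "staff"), ("bob", "staff")])
    return db

def field_edit(value):
    """Hypothetical input field edit: letters, digits and underscore only."""
    return re.fullmatch(r"\w+", value) is not None

def lookup_interpolated(db, name):
    """Field edit first, then string interpolation into the SQL text."""
    if not field_edit(name):
        raise ValueError("rejected by field edit")
    return db.execute("SELECT role FROM users WHERE name = '%s'" % name).fetchall()

def lookup_unchecked(db, name):
    """Same interpolation, reached by a code path that skipped the edit."""
    return db.execute("SELECT role FROM users WHERE name = '%s'" % name).fetchall()

def lookup_bound(db, name):
    """Parameter binding: the value is passed as data, never parsed as SQL."""
    return db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchall()

def outcome(fn, db, name):
    """Return the rows, or the exception class name if the call fails."""
    try:
        return fn(db, name)
    except (ValueError, sqlite3.Error) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_interpolated, lookup_unchecked, lookup_bound):
        for name in ("alice", "O'Brien", HOSTILE):
            print(f"{fn.__name__:20} {name!r:16} -> {outcome(fn, db, name)}")
```

The field edit turns away a legitimate surname, and any caller that reaches the interpolating query without it either breaks the statement or has its WHERE clause rewritten; the bound query returns the right row for O'Brien and no rows for the constructed value.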