On Apr 15, 2006, at 12:44 PM, Marco Bambini wrote:

I am quite sure that it does with sqlite3 (and SQLite3ProfessionalPlugin) because after:

vm = db3.Prepare("select a,b,c where d = ? and e = ?")
vm is a compiled virtual machine and the commands:

vm.BindText(1, "first string")
vm.BindText(2, "second string")

don't do a simple replace inside the original statement; instead they work like "data providers" for the virtual machine.

---
Marco Bambini
http://www.sqlabs.net
http://www.sqlabs.net/blog/

Right.
A proper implementation SHOULD protect against SQL injection, but some are not working this way, and so bind variables are not the solution.

And, since he isn't using the SQLite3ProfessionalPlugin, that's out of the range of options for him anyway.
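The distinction Marco draws above (a bound value is handed to the already-compiled statement as data, not spliced into its text) is what makes a real prepared statement safe. The following is an added example, not code from either poster or from the plugin; it uses Python's standard sqlite3 module, which binds through SQLite's own prepared-statement API, and a constructed in-memory table, to show string concatenation beside binding on the same inputs.

```python
import sqlite3


def make_db():
    # Constructed sample data: three users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (name text, email text)")
    conn.executemany(
        "insert into users values (?, ?)",
        [("alice", "alice@example.invalid"),
         ("bob", "bob@example.invalid"),
         ("o'brien", "obrien@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, name):
    # Text substitution: the caller's input becomes part of the SQL
    # grammar, so a quote in the input changes the statement itself.
    sql = "select name from users where name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    # The statement is compiled with a placeholder first; the value is
    # then supplied to the compiled statement as data and can never
    # alter its structure (the "data provider" behaviour Marco describes).
    sql = "select name from users where name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    conn = make_db()
    crafted = "x' or 'a'='a"       # constructed input containing a quote
    try:
        broken = lookup_concatenated(conn, "o'brien")
    except sqlite3.OperationalError:
        # Concatenation also breaks on a legitimate name with an apostrophe.
        broken = "syntax error"
    return {
        "concatenated": lookup_concatenated(conn, crafted),  # every row
        "bound": lookup_bound(conn, crafted),                # no match
        "bound_apostrophe": lookup_bound(conn, "o'brien"),   # exact match
        "concatenated_apostrophe": broken,
    }


if __name__ == "__main__":
    print(demo())
```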