dave lilley wrote:
> I am using sqlite3 with ruby and hope I'm not out of place here in asking for
> some help on how to stop or reduce injection threats via sql statements made
> by a user, be it accidental or deliberate.
>
> I want to build a select query from user entered data and then return rows
> that match.
>
> e.g. stmt = "select * from customers where cust_no = #{uservar}"
>
> row = db.execute(stmt)
>

stmt = "select * from customers where cust_no = ?"
row = db.execute(stmt, uservar)

HTH

John