Gert Corthout <gert_corth...@hotmail.com> wrote:
> I can see only 1 very long-shot security issue. Assuming I am a malafide
> programmer at our company I could add ESCAPE ']' to a
> vital query that takes user input and then use ]' to break out and inject
> some SQL in the live system, right?

A malicious developer with access to the codebase would likely have lots of ways to wreak havoc, with or without prepared statements.

--
Igor Tandetnik