Kenneth Downs wrote:
*From: http://www.eweek.com/article2/0,1759,2188714,00.asp
Q: How can sites protect themselves against SQL injection?
A: *The best defense is to design your database-backed Web site properly
to make sure it always separates SQL code and user data. You basically
have a choice between programming tools that are specifically designed
to prevent you from making this kind of mistake and those that allow you
to get into trouble if you're not careful. Roughly speaking, this
corresponds to the difference between the newer Microsoft .Net tools and
their older tools or open source frameworks like PHP.
Oh geez, it doesn't matter which prograimming / scripting language is
used. You can make .NEt to be subceptible to SQL injections as easy,
just don't escape user input. Who writes stuff like that?
David
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
