At 6:54 AM -0400 9/26/07, Kenneth Downs wrote:
From:
<http://www.eweek.com/article2/0,1759,2188714,00.asp>http://www.eweek.com/article2/0,1759,2188714,00.asp
Q: How can sites protect themselves against SQL injection?
A: The best defense is to design your database-backed Web site
properly to make sure it always separates SQL code and user data.
You basically have a choice between programming tools that are
specifically designed to prevent you from making this kind of
mistake and those that allow you to get into trouble if you're not
careful. Roughly speaking, this corresponds to the difference
between the newer Microsoft .Net tools and their older tools or open
source frameworks like PHP.
But of course -- Microsoft has always been leading the pack in
everything is does. The net is no exception, take a look at its IE
browsers with respect to web standards and compliance issues -- they
certainly define what's best for the rest of us, right? Wrong!
Seriously, M$ has one thing on it's mind and that is to control as
much as possible -- and that control is solely for profit and not for
the better good. If they can sell .Net tools as the "best" way to go,
and you buy into it, then I have some swamp land for you to consider
because in either case, you're wading into a quagmire.
Answers like that above, are just more M$ noise for profit.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
