Cool. Is there a reference somewhere that describes why prepared
statements are safe?

Not that I don't trust you all, but the info isn't for me and I will
have no credibility without a link or something I can pass along.

Thanks!

Geoff

On 8/8/05, Viktor Szathmary <[EMAIL PROTECTED]> wrote:
> hi,
> 
> On 8/8/05, Geoff Longman <[EMAIL PROTECTED]> wrote:
> > Has anyone out there given any serious thought towards a strategy for
> > preventing these kinds of attacks in Tapestry forms?
> 
> using PreparedStatements with bound variables is a good enough
> solution for SQL insertion (plus throw in the usual basic data
> validation for good measure).
> 
> regards,
>   viktor
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 


-- 
The Spindle guy.           http://spindle.sf.net
Get help with Spindle:   
http://lists.sourceforge.net/mailman/listinfo/spindle-user
Announcement Feed:    
http://www.jroller.com/rss/glongman?catname=/Announcements
Feature Updates:            http://spindle.sf.net/updates
