Cool. Is there a reference somewhere that describes why prepared statements are safe?
Not that I don't trust you all, but the info isn't for me and I will have no credibility without a link or something I can pass along.

Thanks!

Geoff

On 8/8/05, Viktor Szathmary <[EMAIL PROTECTED]> wrote:
> hi,
>
> On 8/8/05, Geoff Longman <[EMAIL PROTECTED]> wrote:
> > Has anyone out there given any serious thought towards a strategy for
> > preventing these kinds of attacks in Tapestry forms?
>
> using PreparedStatements with bound variables is a good enough
> solution for SQL insertion (plus throw in the usual basic data
> validation for good measure).
>
> regards,
> viktor
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

--
The Spindle guy. http://spindle.sf.net
Get help with Spindle: http://lists.sourceforge.net/mailman/listinfo/spindle-user
Announcement Feed: http://www.jroller.com/rss/glongman?catname=/Announcements
Feature Updates: http://spindle.sf.net/updates
