Hi, I don't think that is so easy do SQL Injection with Torque, all query data are SQL Escaped.
Bye! Il giorno mer, 16/09/2009 alle 11.10 +0200, Graham Leggett ha scritto: > Markus Müller wrote: > > > are there any precautions against SQL Injection? > > My understanding is that all SQL statements generated either use > prepared statements, or their arguments are escaped as per the > database's requirements. > > If torque allowed sql injection, that would be a major security flaw. > > Regards, > Graham > -- > --------------------------------------------------------------------- To unsubscribe, e-mail: torque-user-unsubscr...@db.apache.org For additional commands, e-mail: torque-user-h...@db.apache.org
