Torque 3.3 escapes Strings in queries (see method org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so SQL injection should not be a problem. The current Torque 4 trunk uses prepared statements throughout, which is probably even better.

Thomas

Adrian Paleacu <adrian.pale...@gmail.com> wrote on 05.08.2011 16:14:10:

> From: Adrian Paleacu <adrian.pale...@gmail.com>
> To: torque-user@db.apache.org
> Date: 05.08.2011 16:14
> Subject: Torque and SQL Injection
>
> Hi everyone,
>
> I'm wondering how safe is torque on sql injection attacks, I didn't find any
> official page on that.
>
> Regards,
> Adrian
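
The two approaches named in the reply, escaping a string before embedding it in the query text versus binding it as a prepared-statement parameter, compared on the same lookup. This is an added example, not Torque code and not part of the original thread: it uses Python's `sqlite3` as a stand-in database, and the `author` table, the sample names and all function names are constructed for illustration.

```python
import sqlite3

def escape_literal(text):
    """Quote-doubling for a dialect where only ' is special inside a string
    literal (true for SQLite; other databases may need more, which is why
    escaping has to be done per database)."""
    return "'" + text.replace("'", "''") + "'"

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO author (name) VALUES (?)",
                   [("O'Brien",), ("Smith",)])
    return db

def find_concat(db, name):
    # No escaping: the value is pasted into the statement text as-is,
    # so a quote inside it changes where the literal ends.
    sql = "SELECT name FROM author WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_escaped(db, name):
    # Escape-then-embed: the value still travels inside the SQL text.
    sql = "SELECT name FROM author WHERE name = " + escape_literal(name)
    return [row[0] for row in db.execute(sql)]

def find_bound(db, name):
    # Prepared statement: the SQL text is fixed, the value is sent separately
    # and is never parsed as SQL, so no dialect-specific escaping is needed.
    sql = "SELECT name FROM author WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    """Run all three lookups for one input and collect result or error."""
    db = make_db()
    results = {}
    for label, fn in (("concat", find_concat),
                      ("escaped", find_escaped),
                      ("bound", find_bound)):
        try:
            results[label] = fn(db, name)
        except sqlite3.OperationalError as exc:
            results[label] = "error: " + str(exc)
    return results

if __name__ == "__main__":
    for name in ("Smith", "O'Brien"):
        print(name, compare(name))
```
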