Hi Thomas,

Torque 3.2 also implements SqlExpression.quoteAndEscapeText.

Regards,

Adrian



On Fri, Aug 5, 2011 at 5:22 PM, Thomas Fox <[email protected]> wrote:

> Torque 3.3 escapes Strings in Queries (see method
> org.apache.torque.util.SqlExpression.quoteAndEscapeText(String, DB)), so
> SQL injection should not be a problem.
> The current Torque 4 trunk uses Prepared statements throughout, which is
> probably even better.
>
>     Thomas
>
> Adrian Paleacu <[email protected]> wrote on 05.08.2011 16:14:10:
>
> > From: Adrian Paleacu <[email protected]>
> > To: [email protected]
> > Date: 05.08.2011 16:14
> > Subject: Torque and SQL Injection
> >
> > Hi everyone,
> >
> > I'm wondering how safe Torque is against SQL injection attacks; I didn't
> > find any official page on that.
> >
> >
> > Regards,
> >
> > Adrian
>
