Hi Dan,
For any calls that access a remote database, you should use the form that
includes ":1", ":2", etc. in the SQL statement and variable name(s) to
supply the values for those placeholders.

That protects against SQL injection attacks and also removes the need to
escape quote characters in your data.



Pete
lcSQL Software <http://www.lcsql.com>
Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>

On Wed, Nov 12, 2014 at 7:29 AM, Dan Friedman <d...@clearvisiontech.com>
wrote:

> Does anyone know what is going on in the background of LiveCode's
> revExecuteSQL command (and related commands: revOpenDatabase,
> revDataFromQuery, etc.)? Are there any security features available? Is it
> safe to use these calls (read and write) to a server-side database in a
> commercially released app? Or, is it just really intended for local
> databases?
>
> Thanks!
> -Dan
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
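
The placeholder form described in the reply above, sketched in LiveCode as an added example that is not part of the original thread. The `customers` table, its columns and the handler names are hypothetical; `pConnID` is assumed to be a connection id returned by revOpenDatabase.

```livecode
-- Added example; table, column and handler names are hypothetical.

-- Form to avoid: values are concatenated into the statement text, so a
-- quote character inside pName becomes part of the SQL itself.
--   put "INSERT INTO customers (name, email) VALUES ('" & pName & \
--         "','" & pEmail & "')" into tSQL

-- Placeholder form: the statement text is constant and the values are
-- bound by the database layer.
command addCustomer pConnID, pName, pEmail
   local tSQL, tName, tEmail
   put pName into tName
   put pEmail into tEmail
   put "INSERT INTO customers (name, email) VALUES (:1, :2)" into tSQL
   -- The variable NAMES are passed as quoted strings, in placeholder order;
   -- the engine reads their contents and supplies them for :1 and :2.
   revExecuteSQL pConnID, tSQL, "tName", "tEmail"
   -- On success the result is the number of rows affected,
   -- otherwise it holds an error string.
   if the result is not a number then
      return "error:" && the result
   end if
   return the result
end addCustomer

-- The same form works for queries through revDataFromQuery.
function customersByEmail pConnID, pEmail
   local tSQL, tEmail, tData
   put pEmail into tEmail
   put "SELECT id, name FROM customers WHERE email = :1" into tSQL
   put revDataFromQuery(tab, return, pConnID, tSQL, "tEmail") into tData
   -- Database errors come back as a string beginning with "revdberr".
   if tData begins with "revdberr" then return empty
   return tData
end customersByEmail
```

Because the values never become part of the statement text, a name such as O'Brien is stored as-is with no manual quote escaping.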