How are you protecting against SQL Injection attacks?
<esql:query>select * from foo where foo.x = '<xsp-request:get-parameter name="bar"/>'</esql:query>
If you take myVar in any way from a request parameter, what happens if I pass in a value like bar=abc;delete%20from%20foo? (Try it on your app.)
Oops, changed my example without changing all references - myVar is supposed to be bar obviously.
I don't have many soapboxes but this is one of them - I have inherited applications crippled by problems like this.
Geoff
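An added example, not part of the original message: the concatenated query pattern from the message beside the same query with a bound placeholder, using Python's sqlite3 as a stand-in for the ESQL/JDBC layer. The table contents, the function names and the apostrophe test value are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the application's database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (x TEXT)")
    db.executemany("INSERT INTO foo VALUES (?)", [("abc",), ("O'Brien",)])
    return db

def lookup_concatenated(db, bar):
    """Pattern from the message: the request value becomes part of the SQL text."""
    sql = "select * from foo where foo.x = '" + bar + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, bar):
    """Same query with a placeholder: the driver sends bar as data, never as SQL."""
    return db.execute("select * from foo where foo.x = ?", (bar,)).fetchall()

def row_count(db):
    return db.execute("select count(*) from foo").fetchone()[0]

def demo():
    db = make_db()
    results = {}
    # Even a legitimate value with an apostrophe changes the statement's
    # structure when it is concatenated: the parser sees a different query.
    try:
        lookup_concatenated(db, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # Bound, the same value is matched literally.
    results["bound_apostrophe"] = lookup_bound(db, "O'Brien")
    # The value from the message (URL-decoded), bound as a parameter:
    # it is compared as a plain string and matches no row.
    results["bound_message_value"] = lookup_bound(db, "abc;delete from foo")
    results["rows_after"] = row_count(db)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Placeholder binding is what a JDBC PreparedStatement does; the request value never reaches the SQL parser as statement text.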
