Re: sql injection

Matt Lewis said...

If I read this correctly, you're taking an escape approach, rather than using parameters? What about prepared statements?

Prepared statements are not supported yet. It may very well change the design overall. One difficulty with prepared statements and a DBI is how each database may do it slightly differently, and some databases do not do it at all... Some use ?, others use %1, %2, %3. I am not yet sure how to go about handling it. I am open to suggestions.

Jeremy
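One way a DBI layer can paper over the placeholder differences Jeremy describes is to let callers always write the generic `?` style and rewrite it into the driver's numbered style just before handing the statement to the driver, while the values themselves still travel as bound parameters rather than being escaped into the SQL text. The example below is added here and is not code from the thread or from the DBI under discussion; the placeholder styles other than `?` (the `%1`-style from the post and an assumed `$1`-style) are constructed, as is the in-memory sqlite3 table. The point it makes beyond the post is that the rewrite has to tokenize the SQL, because a `?` inside a string literal, quoted identifier or comment is not a placeholder and must be left alone.

```python
import re
import sqlite3
from typing import Callable, Dict, List, Sequence, Tuple

# Target placeholder styles a DBI might have to emit. "qmark" is the
# generic style callers write; the numbered styles are constructed
# examples (the post mentions "%1, %2, %3"; "$1" is an assumption).
STYLES: Dict[str, Callable[[int], str]] = {
    "qmark": lambda n: "?",
    "percent_numbered": lambda n: f"%{n}",
    "dollar_numbered": lambda n: f"${n}",
}

# Tokenizer that keeps '?' inside literals, identifiers and comments intact.
_TOKEN = re.compile(
    r"""
    '(?:[^']|'')*'      # single-quoted string literal ('' escapes a quote)
  | "(?:[^"]|"")*"      # double-quoted identifier
  | --[^\n]*            # line comment
  | /\*.*?\*/           # block comment
  | \?                  # generic placeholder
  | [^'"?/-]+           # run of ordinary SQL text
  | .                   # any stray character (a lone '/' or '-')
    """,
    re.VERBOSE | re.DOTALL,
)


def translate_placeholders(sql: str, style: str) -> Tuple[str, int]:
    """Rewrite generic '?' placeholders into the requested style.

    Returns the rewritten SQL and the number of placeholders found, so the
    caller can check it against the number of parameters supplied.
    """
    emit = STYLES[style]
    out: List[str] = []
    count = 0
    for match in _TOKEN.finditer(sql):
        tok = match.group(0)
        if tok == "?":          # only a bare '?' token is a placeholder
            count += 1
            tok = emit(count)
        out.append(tok)
    return "".join(out), count


def run_parameterized(sql: str, params: Sequence) -> list:
    """Execute a generic-style query through sqlite3 (which takes '?').

    The table and rows are constructed for this example. Because params
    are bound by the driver, a value such as "' OR '1'='1" is compared as
    plain data and never becomes part of the statement.
    """
    translated, n = translate_placeholders(sql, "qmark")
    if n != len(params):
        raise ValueError(f"query has {n} placeholders but {len(params)} params")
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE users (name TEXT, note TEXT)")
        conn.executemany(
            "INSERT INTO users VALUES (?, ?)",
            [("alice", "what?"), ("bob", "ok")],   # constructed sample rows
        )
        return conn.execute(translated, tuple(params)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    print(translate_placeholders(
        "SELECT * FROM t WHERE a = ? AND b = 'x?' -- ?\n AND c = ?",
        "percent_numbered"))
    print(run_parameterized("SELECT name FROM users WHERE note = ?", ["' OR '1'='1"]))
```

Counting placeholders during the rewrite gives the DBI a cheap consistency check: a mismatch between placeholders and supplied values is reported before anything reaches the database, instead of surfacing as a driver error with a less useful message.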
