Re: SQL injection with guile-pg
From: Greg Troxel
Subject: Re: SQL injection with guile-pg
Date: 14 Feb 2005 08:23:08 -0500
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

For a bound parameter example, look at the 'stage 2' code fragment
here:
http://www.saturn5.com/~jwb/dbi-performance.html
Basically, you have a query string with a variable name in it, and then
execute a statement that binds a value to that name. People do this
partly for efficiency, but it also prevents the SQL parser from reading
the data.
--
Greg Troxel <address@hidden>
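
The bound-parameter pattern described in the message above, as an added example that is not part of the original post or the linked page. It assumes Python's built-in sqlite3 module in place of guile-pg and PostgreSQL so that it runs offline; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (:name, :email)", [
        {"name": "alice", "email": "alice@example.org"},
        {"name": "bob", "email": "bob@example.org"},
        {"name": "O'Brien", "email": "obrien@example.org"},
    ])
    return db

def lookup_concatenated(db, name):
    """Unsafe: the value is pasted into the SQL text, so the parser reads it."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Safe: the SQL text holds only the placeholder :name; the value is
    bound at execute time and is never seen by the SQL parser."""
    sql = "SELECT email FROM users WHERE name = :name"
    return [row[0] for row in db.execute(sql, {"name": name})]

def compare(value):
    """Run both lookups on a fresh database and return (concatenated, bound)."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, value)
    except sqlite3.Error as exc:  # a stray quote makes the statement invalid
        concatenated = "error: " + str(exc)
    return concatenated, lookup_bound(db, value)

if __name__ == "__main__":
    # Constructed inputs: a plain name, a value containing SQL syntax,
    # and a legitimate name that happens to contain a quote.
    for value in ["alice", "x' OR '1'='1", "O'Brien"]:
        print(repr(value), compare(value))
```

With the concatenated query the second input changes the WHERE clause and the third breaks the statement; with the bound query both are compared as plain data.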