From: Michael Walter (michael.walter_at_[hidden])
Date: 2007-03-16 11:53:44
On 3/16/07, Jorge Lodos <lodos_at_[hidden]> wrote:
> Security is another reason to go away from SQL queries as strings.
> Prevent SQL injection attacks.
You bind your parameters, you don't have any problems (except when
this doesn't work, but then stored procedures don't help either).
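
The difference between a query built as a string and one with bound parameters, as an added example that is not part of the original message or of any Boost library. It uses Python's sqlite3 module; the users table, the function names and the sample input are constructed for illustration. The last function shows one general limit of binding (placeholders take values, not identifiers), which is not necessarily the case the message has in mind.

```python
import sqlite3

ALLOWED_SORT = {"id", "name"}  # hypothetical allow-list of sortable columns


def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def find_concat(db, name):
    """Query as a string: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def find_bound(db, name):
    """Bound parameter: the input travels as a value and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def list_sorted(db, column):
    """A column name cannot be bound, so it is checked against an allow-list."""
    if column not in ALLOWED_SORT:
        raise ValueError("unsupported sort column: %r" % column)
    # Safe to splice: 'column' is now one of our own fixed strings.
    return [row[0] for row in db.execute(
        "SELECT name FROM users ORDER BY " + column + " DESC")]


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"          # constructed input
    print("concatenated:", find_concat(db, crafted))  # predicate rewritten by input
    print("bound:       ", find_bound(db, crafted))   # treated as a literal name
    print("sorted:      ", list_sorted(db, "name"))
```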
Boost list run by bdawes at acm.org, david.abrahams at rcn.com, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk