<br><div><span class="gmail_quote">On 9/12/06, <b class="gmail_sendername">loufoque</b> <<a href="mailto:mathias.gaunard@etu.u-bordeaux1.fr">mathias.gaunard@etu.u-bordeaux1.fr</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Scott Meyers wrote :<br><br>> > An example:<br>> > System.Data.SqlClient.SqlParameter is a class that describes a bound<br>> parameter used in a database statement. Bound parameters are essential<br>> to prevent SQL injection attacks. They should be exceedingly easy to use <br>> since the "competition" (string concatenation of parameters into the SQL<br>> statement) is easy, well understood, and dangerous.<br><br>You can construct safe SQL queries with streams or printf-like syntax easily </blockquote><div><br>id = "2 ; delete from persons ;" </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">sql << "select first_name, last_name, date_of_birth " <br> "from persons where id = " << id</blockquote><div><br>Someone just deleted your persons table. Oops.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> No need to put objects everywhere that complexify everything.</blockquote><div><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">_______________________________________________ <br>Boost-users mailing list<br><a href="mailto:Boost-users@lists.boost.org">Boost-users@lists.boost.org</a><br><a href="http://lists.boost.org/mailman/listinfo.cgi/boost-users">http://lists.boost.org/mailman/listinfo.cgi/boost-users </a><br></blockquote></div><br>
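<div>As an added illustration of the point the reply above makes (this is not code from the thread or from Boost): a stand-alone C++ program that builds the same query both ways, with the stream concatenation quoted in the thread and with a bound parameter, and then shows why the second form keeps the attacker's input from becoming SQL. The <code>BoundQuery</code> struct, <code>buildBound</code>, <code>countStatements</code> and <code>looksLikeInteger</code> are assumptions constructed for this example and stand in for a real driver's parameter binding; the malicious <code>id</code> value is the one from the thread.</div>

```cpp
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for a driver's bound statement: the SQL text holds
// only a placeholder, and the parameter values travel separately, so they are
// never parsed as SQL. (Constructed for this example, not a real API.)
struct BoundQuery {
    std::string text;
    std::vector<std::string> params;
};

// The stream-concatenation style from the thread: the value is spliced straight
// into the SQL text, so whatever it contains is executed as SQL.
std::string buildConcatenated(const std::string& id) {
    std::ostringstream sql;
    sql << "select first_name, last_name, date_of_birth "
           "from persons where id = " << id;
    return sql.str();
}

// The bound-parameter style: the text is constant regardless of input.
BoundQuery buildBound(const std::string& id) {
    return BoundQuery{
        "select first_name, last_name, date_of_birth from persons where id = ?",
        {id}};
}

// Crude statement counter (constructed for the demonstration): counts the
// non-blank segments separated by ';' outside single-quoted literals. A real
// SQL parser is more involved, but this is enough to expose the extra statement.
int countStatements(const std::string& sql) {
    int count = 0;
    std::string current;
    bool inString = false;
    auto flush = [&]() {
        if (current.find_first_not_of(" \t\r\n") != std::string::npos) ++count;
        current.clear();
    };
    for (char c : sql) {
        if (c == '\'') inString = !inString;
        if (c == ';' && !inString) { flush(); continue; }
        current += c;
    }
    flush();
    return count;
}

// Second line of defence: an id column is numeric, so reject anything that is
// not an (optionally negative) decimal integer before it reaches the query.
bool looksLikeInteger(const std::string& s) {
    if (s.empty()) return false;
    std::size_t i = (s[0] == '-') ? 1 : 0;
    if (i == s.size()) return false;
    for (; i < s.size(); ++i)
        if (!std::isdigit(static_cast<unsigned char>(s[i]))) return false;
    return true;
}

int main() {
    const std::string id = "2 ; delete from persons ;";  // value from the thread

    std::string concat = buildConcatenated(id);
    BoundQuery bound = buildBound(id);

    std::cout << "concatenated text: " << concat << "\n"
              << "  statements: " << countStatements(concat) << "\n";
    std::cout << "bound text:        " << bound.text << "\n"
              << "  statements: " << countStatements(bound.text)
              << ", params: " << bound.params.size() << "\n";
    std::cout << "id passes integer check: " << std::boolalpha
              << looksLikeInteger(id) << "\n";
    return 0;
}
```

<div>With the thread's input, the concatenated text carries two statements (the select and the delete), while the bound text still carries exactly one and the hostile value sits in the parameter list where the server treats it as data. The integer check is independent of binding: it would have rejected this input even in code that still concatenates, but it is a backstop, not a substitute for binding.</div>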