<br><div><span class="gmail_quote">On 9/12/06, <b class="gmail_sendername">loufoque</b> &lt;<a href="mailto:mathias.gaunard@etu.u-bordeaux1.fr">mathias.gaunard@etu.u-bordeaux1.fr</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Scott Meyers wrote :<br><br>&gt;&nbsp;&nbsp;&gt; An example:<br>&gt;&nbsp;&nbsp;&gt; System.Data.SqlClient.SqlParameter is a class that describes a bound<br>&gt; parameter used in a database statement. Bound parameters are essential<br>&gt; to prevent SQL injection attacks. They should be exceedingly easy to use
<br>&gt; since the &quot;competition&quot; (string concatenation of parameters into the SQL<br>&gt; statement) is easy, well understood, and dangerous.<br><br>You can construct safe SQL queries with streams or printf-like syntax easily
</blockquote><div><br>id = &quot;2 ; delete from persons ;&quot;&nbsp;</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">sql &lt;&lt; &quot;select first_name, last_name, date_of_birth &quot;
<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&quot;from persons where id = &quot; &lt;&lt; id</blockquote><div><br>Someone just deleted your persons table.&nbsp; Oops.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
No need to put objects everywhere that complexify everything.</blockquote><div><br></div></div><br>
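<div>Added example, not part of either poster's message: the input from the reply above run against the quoted query, once concatenated into the statement text and once passed as a bound parameter. It uses Python's sqlite3 in place of the C++ stream library under discussion; the sample rows are constructed, and executescript() is assumed here as a stand-in for a driver that accepts several statements per call.</div>

```python
import sqlite3

QUERY = "select first_name, last_name, date_of_birth from persons where id = "
HOSTILE_ID = "2 ; delete from persons ;"  # the value given in the reply


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table persons (id integer primary key, first_name text, "
        "last_name text, date_of_birth text)"
    )
    db.executemany(
        "insert into persons values (?, ?, ?, ?)",
        [(1, "Ada", "Lovelace", "1815-12-10"), (2, "Alan", "Turing", "1912-06-23")],
    )
    db.commit()
    return db


def count_rows(db):
    return db.execute("select count(*) from persons").fetchone()[0]


def concatenated(db, user_id):
    """Build the statement by concatenation, as `sql << ... << id` does.

    The input becomes part of the SQL text, so it decides where one
    statement ends and the next begins. Returns the rows left afterwards.
    """
    db.executescript(QUERY + user_id)
    return count_rows(db)


def bound(db, user_id):
    """Send the statement text and the value separately (bound parameter).

    The value is only ever compared against the id column; it is never parsed
    as SQL. Returns (matching rows, rows left in the table).
    """
    rows = db.execute(QUERY + "?", (user_id,)).fetchall()
    return rows, count_rows(db)


if __name__ == "__main__":
    print("concatenated, rows left:", concatenated(make_db(), HOSTILE_ID))
    print("bound, (matches, rows left):", bound(make_db(), HOSTILE_ID))
```

<div>With the bound form the hostile string simply matches no id, and the table is untouched.</div>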