Boost :

From: Jorge Lodos (lodos_at_[hidden])
Date: 2007-03-16 12:12:46

• Next message: Ion Gaztañaga: "Re: [boost] C++ - STL hash map & Shared memory between 2 unrelated, arbit rary processes"
• Previous message: Frank Mori Hess: "Re: [boost] [futures] boost::futures - convertible types"
• In reply to: Michael Walter: "Re: [boost] SQL library with full embedded SQL-syntax"
• Next in thread: Jeff Garland: "Re: [boost] SQL library with full embedded SQL-syntax"
• Reply: Jeff Garland: "Re: [boost] SQL library with full embedded SQL-syntax"

Michael Walter wrote:

> On 3/16/07, Jorge Lodos <lodos_at_[hidden]> wrote:
> > Security is another reason to go away from sql queries as strings.
> > Prevent SQL injection attacks.
>
> You bind your parameters, you don't have any problems (except
> when this doesn't work, but then stored procedures don't help either).
>

Sure, but it is the programmer responsibility to bind the parameters instead

of concatenating strings.
Not using SQL strings avoids errors from programmers. What happens with many

of the existing SQL injection attacks is that programmers didn't bind
parameters
even when they had the possibility to do so.

Best regards
Jorge

• Next message: Ion Gaztañaga: "Re: [boost] C++ - STL hash map & Shared memory between 2 unrelated, arbit rary processes"
• Previous message: Frank Mori Hess: "Re: [boost] [futures] boost::futures - convertible types"
• In reply to: Michael Walter: "Re: [boost] SQL library with full embedded SQL-syntax"
• Next in thread: Jeff Garland: "Re: [boost] SQL library with full embedded SQL-syntax"
• Reply: Jeff Garland: "Re: [boost] SQL library with full embedded SQL-syntax"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk