
Boost Users :

From: loufoque (mathias.gaunard_at_[hidden])
Date: 2006-09-12 08:26:32


Scott Meyers wrote:

> > An example:
> > System.Data.SqlClient.SqlParameter is a class that describes a bound
> > parameter used in a database statement. Bound parameters are essential
> > to prevent SQL injection attacks. They should be exceedingly easy to use
> > since the "competition" (string concatenation of parameters into the SQL
> > statement) is easy, well understood, and dangerous.

You can construct safe SQL queries with streams or printf-like syntax easily:

sql << "select first_name, last_name, date_of_birth "
        "from persons where id = " << id;

No need to put objects everywhere that complicate everything.
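Added illustration (not code from the post or from Boost) of what a stream-style interface has to do underneath for the claim above to hold: SQL text may enter the statement only through a hypothetical "..."_sql literal, and every other operand becomes a '?' placeholder plus a bound value, so the value is never spliced into the text. ParamQuery, SqlText and both lookup functions are assumed names for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stream-style query builder (example only): SQL text may enter
// only through the "..."_sql literal, every other operand becomes a bound
// parameter, so user-controlled values never reach the statement text.
struct SqlText { std::string s; };
SqlText operator""_sql(const char* p, std::size_t n) { return {std::string(p, n)}; }

class ParamQuery {
public:
    ParamQuery& operator<<(const SqlText& t) { text_ += t.s; return *this; }
    template <class T> ParamQuery& operator<<(const T& v) {
        std::ostringstream os;
        os << v;                      // serialise the value for the driver
        params_.push_back(os.str());  // bind it, never inline it
        text_ += '?';                 // positional placeholder in the text
        return *this;
    }
    const std::string& text() const { return text_; }
    const std::vector<std::string>& params() const { return params_; }
private:
    std::string text_;
    std::vector<std::string> params_;
};

// The query from the post, rebuilt as a parameterised statement.
ParamQuery lookup_person(const std::string& id) {
    ParamQuery q;
    q << "select first_name, last_name, date_of_birth "_sql
      << "from persons where id = "_sql << id;
    return q;
}

// The "competition" the quoted text warns about: plain concatenation.
std::string lookup_person_concat(const std::string& id) {
    return "select first_name, last_name, date_of_birth from persons where id = " + id;
}

int main() {
    const std::string hostile = "1 or 1=1";  // constructed sample input
    std::cout << lookup_person_concat(hostile) << '\n';  // input lands in the SQL
    ParamQuery q = lookup_person(hostile);
    std::cout << q.text() << "  [param 0: " << q.params()[0] << "]\n";
}
```

The stream syntax stays as terse as the post's, but the safety comes from the builder binding values rather than from the `<<` notation itself; a builder whose `<<` merely appends text is the concatenation case with nicer spelling.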


Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net