Re: SQL injection with guile-pg

From: Greg Troxel
Subject: Re: SQL injection with guile-pg
Date: 14 Feb 2005 08:23:08 -0500
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

For a bound parameter example, look at the 'stage 2' code fragment

Basically, you have a query string with a variable name in it, and then
execute a statement that binds a value to that name.  People do this
partly for efficiency, but it also prevents the SQL parser from reading
the data.

        Greg Troxel <address@hidden>
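
The binding described in the message above, as an added example that is not part of the original message and is not guile-pg code: it uses Python's sqlite3 module in place of guile-pg and PostgreSQL, and compares a query built by string concatenation with one that binds a value to a named placeholder. The table, column names and rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the table and column names are hypothetical.
ROWS = [("alice", "alice-secret"), ("bob", "bob-secret"),
        ("o'brien", "obrien-secret")]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, secret TEXT)")
    # Inserts use named binding too, so the apostrophe in o'brien is stored as data.
    db.executemany("INSERT INTO accounts VALUES (:name, :secret)",
                   [{"name": n, "secret": s} for n, s in ROWS])
    return db


def lookup_concat(db, name):
    """Weak form: the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT secret FROM accounts WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, name):
    """Bound form: the query text is fixed and :name is bound afterwards."""
    sql = "SELECT secret FROM accounts WHERE name = :name"
    return [row[0] for row in db.execute(sql, {"name": name})]


def compare(db, name):
    """Run both forms on one input and report what each returned."""
    try:
        concat = sorted(lookup_concat(db, name))
    except sqlite3.OperationalError as exc:
        concat = "parse error: %s" % exc
    return {"concat": concat, "bound": sorted(lookup_bound(db, name))}


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a name containing a quote, and a
    # value whose quote changes the WHERE clause when it is parsed as SQL.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the bound form, the quote in `o'brien` is matched as data and the third input matches no row; with concatenation, the same two inputs produce a parse error and every row in the table, respectively.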
