Re: SQL injection with guile-pg


From: Greg Troxel
Subject: Re: SQL injection with guile-pg
Date: 14 Feb 2005 08:23:08 -0500
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

For a bound parameter example, look at the 'stage 2' code fragment
here:

  http://www.saturn5.com/~jwb/dbi-performance.html 

Basically, you have a query string with a variable name in it, and then
execute a statement that binds a value to that name.  People do this
partly for efficiency, but it also prevents the SQL parser from reading
the data.


-- 
        Greg Troxel <address@hidden>
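
The binding described in the message above, as an added example that is not part of the original post: it uses Python's sqlite3 module rather than guile-pg or the Perl DBI code on the linked page, and the table, column names and rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and values are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "o-secret")],
    )
    return conn

def lookup_concat(conn, name):
    # Unsafe form: the value becomes part of the statement text,
    # so the SQL parser reads the data as SQL.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, name):
    # Bound form: the statement text holds only the variable :name;
    # the value is bound to that name at execute time and never parsed.
    sql = "SELECT secret FROM users WHERE name = :name"
    return sorted(row[0] for row in conn.execute(sql, {"name": name}))

def compare(value):
    """Return (concatenated result, bound result) for one input value."""
    conn = make_db()
    try:
        try:
            concat = lookup_concat(conn, value)
        except sqlite3.Error:
            # Data containing a quote can also just break the statement.
            concat = "error"
        return concat, lookup_bound(conn, value)
    finally:
        conn.close()

if __name__ == "__main__":
    # An ordinary name, a value containing SQL syntax, and a legitimate
    # name containing an apostrophe.
    for value in ("alice", "x' OR '1'='1", "o'brien"):
        concat, bound = compare(value)
        print(f"{value!r}: concatenated={concat} bound={bound}")
```
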

