[Gambas-user] Database and SQL code injection
ron
ronstk at ...239...
Fri Sep 14 03:25:41 CEST 2007
On Thursday 13 September 2007 23:48, Benoit Minisini wrote:
> Well, back to Gambas now. I want to go further, by simply rejecting any call
> to Exec(), Find() or Delete(), if the first argument includes some quoting
> characters.
>
> This way, you will be compelled to use the quoting arguments.
>
> What do you think about that?
>
> --
> Benoit Minisini
>
The proposal is not bad, but I prefer a way to bypass all Gambas mangling when using
DB.Exec("select concat("today=",`age`,now()) as `age` from `tblBenoit`;")
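To make the trade-off in this thread concrete, here is an added Python sketch of the policy Benoit proposes (it is not Gambas code and not part of the Gambas project): the call is refused when the raw query text itself contains quote characters, so literal values have to travel through the quoting arguments instead. It assumes `&1`-style numbered placeholders and MySQL-style single-quote escaping, neither of which the thread spells out.

```python
import re

# Quote characters the proposed check refuses in the query text itself.
# Backticks (identifier quoting) are deliberately not in this set.
QUOTE_CHARS = ("'", '"')


class RejectedQuery(ValueError):
    """Raised when the query text carries its own string literals."""


def quote_value(value):
    """Quote one substituted argument as a database layer would.

    Assumption: MySQL-style string literals, embedded quotes doubled.
    """
    if value is None:
        return "NULL"
    if isinstance(value, bool):
        return "1" if value else "0"
    if isinstance(value, (int, float)):
        return str(value)
    text = str(value).replace("\\", "\\\\").replace("'", "''")
    return "'" + text + "'"


def query_is_allowed(query):
    """The proposed check: no quote characters in the raw query text."""
    return not any(c in query for c in QUOTE_CHARS)


def exec_with_policy(query, *args):
    """Emulate Exec()/Find()/Delete() under the proposed policy.

    Refuses queries that embed their own quoted literals, otherwise fills
    the assumed &1, &2, ... placeholders with properly quoted arguments
    and returns the final SQL text (a real driver would run it).
    """
    if not query_is_allowed(query):
        raise RejectedQuery("quote characters in query text; pass values as arguments")

    def fill(match):
        index = int(match.group(1))
        if not 1 <= index <= len(args):
            raise IndexError("placeholder &%d has no argument" % index)
        return quote_value(args[index - 1])

    return re.sub(r"&(\d+)", fill, query)


if __name__ == "__main__":
    # Ron's query, rewritten so the string literal goes through an argument;
    # the backtick-quoted identifiers pass the check untouched.
    print(exec_with_policy("select concat(&1, `age`, now()) as `age` from `tblBenoit`", "today="))
    # A value containing a quote is neutralised by the quoting argument.
    print(exec_with_policy("select * from `tblBenoit` where name = &1", "O'Brian"))
```

Under this policy Ron's original call, with `"today="` written inline, is exactly the kind of text the check would refuse.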