David Hopwood <>
Thu Aug 24 23:09:21 CEST 2006

Yariv Sadan wrote:
>> But unlike Vlad's version, that's vulnerable to SQL injection attacks.
> This particular statement actually isn't vulnerable because it's
> entirely generated by the programmer. In a "real" example, though, you
> should be careful to escape all your strings :)

The fact that "not real" examples tend to handwave away the need for
escaping is one reason why injection vulnerabilities are so common.

David Hopwood <>
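To make the point in the thread concrete, here is an added example (not code from the original mailing list post or from any Erlang driver it discusses) that shows the same query built three ways: by string formatting, by a parameterised query, and by manual escaping. It uses Python's standard sqlite3 module so it runs offline; the users table and the hostile input are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory table for the demonstration (not from the original thread).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def find_by_name_unsafe(conn, name):
    # The "not real" style: SQL assembled by string formatting. Fine while the
    # value is a programmer-chosen literal, wrong as soon as it comes from outside.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def find_by_name_safe(conn, name):
    # Parameterised query: the driver passes the value separately from the SQL
    # text, so it is never parsed as SQL and there is no escaping step to forget.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

def find_by_name_escaped(conn, name):
    # Manual escaping, for drivers that only accept one SQL string. For a quoted
    # SQLite literal this means doubling single quotes; other backends have their
    # own rules, and the step has to be applied to every external value.
    escaped = name.replace("'", "''")
    sql = "SELECT name FROM users WHERE name = '%s'" % escaped
    return [row[0] for row in conn.execute(sql)]

# Constructed hostile input: closes the string literal and appends an always-true clause.
HOSTILE = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe, benign input: ", find_by_name_unsafe(conn, "alice"))
    print("unsafe, hostile input:", find_by_name_unsafe(conn, HOSTILE))   # every row
    print("safe, hostile input:  ", find_by_name_safe(conn, HOSTILE))     # no rows
    print("escaped, hostile input:", find_by_name_escaped(conn, HOSTILE)) # no rows
```

The formatted version returns every row for the hostile input because the value is spliced into the statement as SQL; the parameterised and escaped versions both treat it as an ordinary string and match nothing. Of the two fixes, parameterisation is the one to standardise on: escaping is backend-specific and only protects the values someone remembered to escape.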

More information about the erlang-questions mailing list