Metaprogramming
David Hopwood
david.nospam.hopwood@REDACTED
Thu Aug 24 23:09:21 CEST 2006
Yariv Sadan wrote:
>>
>> But unlike Vlad's version, that's vulnerable to SQL injection attacks.
>
> This particular statement actually isn't vulnerable because it's
> entirely generated by the programmer. In a "real" example, though, you
> should be careful to escape all your strings :)
The fact that "not real" examples tend to handwave away the need for
escaping is one reason why injection vulnerabilities are so common.
--
David Hopwood <david.nospam.hopwood@REDACTED>