Thu Aug 24 23:09:21 CEST 2006
Yariv Sadan wrote:
>> But unlike Vlad's version, that's vulnerable to SQL injection attacks.
> This particular statement actually isn't vulnerable because it's
> entirely generated by the programmer. In a "real" example, though, you
> should be careful to escape all your strings :)
The fact that "not real" examples tend to handwave away the need for
escaping is one reason why injection vulnerabilities are so common.
David Hopwood <>