Think about Loose Coupling | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Quite right, thanks for refreshing my memory! But I was not entirely wrong here: what is OK on one DB might be terribly insecure on another.
In that respect, MySQL supports prepared statements only since its version 4.1 and unless DBD::MySQL is updated to take advantage of it (I didn't think so), could it be that the placeholder-magic is faked by DBD/DBD::MYSLQ and that it simply relies on quoting and interpolating the placeholders? That would of course be a Bad Thing. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law In reply to Re^3: Hacker Proofing My Script
by CountZero
|
|