Subject | Re: [firebird-support] Noobie Null Date and Time woes |
---|---|
Author | Martijn Tonies |
Post date | 2005-12-14T19:19:03Z |
Jason,
Prepared statements really avoid SQL injection.
What's the point you're trying to make?
Martijn Tonies
Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL Server
Upscene Productions
http://www.upscene.com
Database development questions? Check the forum!
http://www.databasedevelopmentforum.com
> > Use a prepared statement. Dynamically constructing SQL is a serious
> > security loophole and a performance dog.
> >
> > I am not certain of the syntax for your language, but here it is in
> > Java. It is similar in Delphi.
>
> Thanks for the FUD. A "Prepared Statement" will be an equal "security risk",
> while I imagine that a Search-and-Replace on a string would take much longer
> than simple string concatenation. As a matter of fact, I invite you to try and
> make a general use ReplaceString function that doesn't use string concatenation.
>
> Enough with the Delphi-isms. While a lot of Delphi developers flock around here,
> there are some fortunate souls who have never worked with Pascal.

I fail to see how a ReplaceString would be bad on prepared statements?
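As an added illustration of the point made above (not code from the thread; it uses Python's bundled sqlite3 as a stand-in for Firebird, so the table DDL is SQLite's), this contrasts building the INSERT by string concatenation with a prepared, parameterised INSERT, using a NULL date and a name containing a quote. The statement text of the prepared version never changes, whatever the values are.

```python
import sqlite3
from datetime import date

# Constructed sample rows: a name with an apostrophe, and a row whose
# date is unknown (NULL), which is the situation the thread is about.
SAMPLE_ROWS = [
    ("O'Brien", date(2005, 12, 14)),
    ("Smith", None),
]

def build_by_concat(name, when):
    """Build the INSERT by pasting values into the SQL text, the way a
    ReplaceString/concatenation approach does. Every value becomes part of
    the statement, so quoting and NULL handling are the caller's problem."""
    when_sql = "NULL" if when is None else "'" + when.isoformat() + "'"
    return "INSERT INTO visits (name, visited) VALUES ('" + name + "', " + when_sql + ")"

# Prepared form: fixed statement text, values supplied separately as parameters.
PREPARED_SQL = "INSERT INTO visits (name, visited) VALUES (?, ?)"

def insert_prepared(conn, name, when):
    """The driver sends the values out of band, so neither the quote in the
    name nor the None (NULL) alters the statement the server parses."""
    conn.execute(PREPARED_SQL, (name, None if when is None else when.isoformat()))

def run_demo():
    """Insert each sample row both ways; return what happened and the table contents."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visits (name TEXT, visited TEXT)")
    outcomes = {}
    for name, when in SAMPLE_ROWS:
        try:
            conn.execute(build_by_concat(name, when))
            outcomes[("concat", name)] = "ok"
        except sqlite3.Error as exc:
            # "O'Brien" breaks the concatenated statement: the apostrophe
            # terminates the string literal early and the rest is not valid SQL.
            outcomes[("concat", name)] = type(exc).__name__
        insert_prepared(conn, name, when)
        outcomes[("prepared", name)] = "ok"
    rows = conn.execute("SELECT name, visited FROM visits ORDER BY name").fetchall()
    return outcomes, rows

if __name__ == "__main__":
    print(run_demo())
```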