Posted Mar 31, 2006 22:17 UTC (Fri) by GreyWizard
In reply to: Nonsense
Parent article: SQL injection attacks
Contrary to your raving, filtering user input does not require perfect code. I suggest reading the article to which this thread is attached. There you will find suggestions such as using prepared statements or stored procedures. As stated above, "SQL injections [...] can be thwarted relatively easily once one understands the problem and the ways to program around it." On the other hand, no database can provide protection from gaping security holes in external applications.