Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- escapce unvalid charactors
July 23, 2007, 6:37 am
rate this thread
Re: escapce unvalid charactors
Because we (the developers) still need to use those unsafe characters in
queries. It's all a matter of who get's to do what. Clients may not enter
pure sql, that would be an sql injection..! However YOU must be able to
enter pure sql in order to get data in and out of the database. But as
Michael pointed out, the problem does not exist with prepared statements
where the client data is somewhat separated from queries.
"Good tea. Nice house." -- Worf