At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?
David:
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
yourself from.
Third, never trust anything coming from client-side (i.e., POST, GET,
or COOKIE).
Now, they (the vendor) can throw all the layers of confusion/nonsense
(it's SSL, ASP.NET, or will happen later) on this as they want, but
the point remains this is permitting client-side access to a database
and that is NOT good.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
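
The advice in the message above, as an added example that is not part of the original thread: the server keeps the SQL, and the client can only name an allowlisted action and supply values that are validated and bound. The `orders` table, the `order_by_id` action and `run_named_query()` are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Pattern the thread warns about (shown only as a comment): the request
// carries SQL text and the server runs it verbatim.
//   $pdo->query($_POST['sql']);

// Hardened pattern: SQL lives on the server. The client may only name an
// action from this allowlist; its values are validated and bound, never spliced.
const QUERIES = [
    'order_by_id' => [
        'sql'    => 'SELECT id, item FROM orders WHERE id = :id AND owner = :owner',
        'params' => ['id' => FILTER_VALIDATE_INT], // every listed param is an integer
    ],
];

function run_named_query(PDO $pdo, array $request, string $sessionUser): array
{
    $action = $request['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, QUERIES)) {
        throw new InvalidArgumentException('unknown action');
    }
    $stmt = $pdo->prepare(QUERIES[$action]['sql']);
    foreach (QUERIES[$action]['params'] as $name => $filter) {
        $value = filter_var($request[$name] ?? null, $filter);
        if ($value === false) {
            throw new InvalidArgumentException("bad parameter: $name");
        }
        $stmt->bindValue(":$name", $value, PDO::PARAM_INT);
    }
    // The owner comes from the server-side session, not from the request.
    $stmt->bindValue(':owner', $sessionUser, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data and requests (the arrays stand in for $_POST).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)');
$pdo->exec("INSERT INTO orders (owner, item) VALUES ('alice', 'book'), ('bob', 'lamp')");

print_r(run_named_query($pdo, ['action' => 'order_by_id', 'id' => '1'], 'alice'));
try {
    run_named_query($pdo, ['sql' => 'SELECT * FROM orders'], 'alice');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```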