SQL Injection

SQL Injection is probably the best reason, other than speed of execution sometimes, to use stored procedures instead of dynamic SQL queries. Ill-intentioned users can inject character literals through their input that can be used to comment out part of the query being executed. Scott Glu has a tip on ways of preventing it (via Miguel de Icaza). [Continue]



Abhijit Nadgouda
iface Consulting
+91 9819820312
My bookmarks


This is the weblog of Abhijit Nadgouda where he writes down his thoughts on software development and related topics. You are invited to subscribe to the feed to stay updated or check out more subscription options. Or you can choose to browse by one of the topics.