21 Mar 2005, 6:49 p.m.
Andy Yates wrote:
> Right, I use <dtml-sqlvar>. Now that I read the manual ;-) I clearly see that is what the dtml-sqlvar prevents. Thanks! There has been a lot of buzz about SQL injection lately for some reason and I just wanted to make double sure I understand the basics.

Well, another fail-safe way is just to not use a relational database in the first place <0.3 wink>

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk