[Zope] Re: Zope SQL injection
Chris Withers
chris at simplistix.co.uk
Mon Mar 21 13:49:08 EST 2005
Andy Yates wrote:
>
> Right, I use <dtml-sqlvar>. Now that I read the manual ;-) I clearly
> see that is what the dtml-sqlvar prevents. Thanks! There has been a
> lot of buzz about sql injection lately for some reason and I just wanted
> to make double sure I understand the basics.
Well, another fail-safe way is just to not use a relational database in
the first place <0.3 wink>
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk