db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Ciocci <l.cio...@askweb.it>
Subject Re: Precautions against "SQL Injection"?
Date Wed, 16 Sep 2009 14:03:13 GMT
Hi, I don't think that is so easy do SQL Injection with Torque, all
query data are SQL Escaped.

Bye!

Il giorno mer, 16/09/2009 alle 11.10 +0200, Graham Leggett ha scritto:
> Markus Müller wrote:
> 
> > are there any precautions against  SQL Injection?
> 
> My understanding is that all SQL statements generated either use
> prepared statements, or their arguments are escaped as per the
> database's requirements.
> 
> If torque allowed sql injection, that would be a major security flaw.
> 
> Regards,
> Graham
> --
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org


Mime
View raw message