db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: Precautions against "SQL Injection"?
Date Wed, 16 Sep 2009 09:10:51 GMT
Markus Müller wrote:

> are there any precautions against  SQL Injection?

My understanding is that all SQL statements generated either use
prepared statements, or their arguments are escaped as per the
database's requirements.

If torque allowed sql injection, that would be a major security flaw.


View raw message