httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: 2.2.9
Date Tue, 06 May 2008 23:20:45 GMT

On Tue, 2008-05-06 at 23:56, William A. Rowe, Jr. wrote:

> Or more specifically, could you elaborate on the dbd changes within
> apr 1.3.x that need additional review?   Why is this driver not
> correctly dodged?
> Bill

If the docs are not clear to you, I think that demonstrates
the need for further review.  What is unclear about 
  ¨The underlying library doesn't support prepared statements,
   so the driver emulates them, and the untrusted input is
   merged into the SQL statement.¨

Nick Kew

View raw message