httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: 2.2.9
Date Tue, 06 May 2008 23:34:58 GMT
Nick Kew wrote:
> If the docs are not clear to you, I think that demonstrates
> the need for further review.  What is unclear about 
>   ¨The underlying library doesn't support prepared statements,
>    so the driver emulates them, and the untrusted input is
>    merged into the SQL statement.¨

I guess my point is, why do we enable this without requiring the user
to explicitly choose this client?  Caveat emptor; it shouldn't happen
without user intervention.


View raw message