Re: Programmers toolkit - C api sprintf-like mysql_query()
From: Lew Pitcher <lew.pitcher_at_digitalfreehold.ca>
Date: Sun, 02 Jul 2017 15:46:33 -0400
Message-ID: <ojbibj$unh$2_at_dont-email.me>
Jerry Stuckle wrote:
[snip]
> Ensure you call mysql_real_escape_string() for all non-numeric values
> that come from external sources. Failure to do so can lead to a SQL
> injection attack.
Thanks for the reminder, Jerry.
I don't see, however, how that suggestion has anything directly to do with the code I posted, or the implementation pattern it replaces.
To me, it is about as helpful as also reminding everyone who read my post that they must call mysql_init() to obtain a valid dbm handle; it's true, and important, but irrelevant to the current discussion.
But, thanks anyway for the reminder.
--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request

Received on Sun Jul 02 2017 - 21:46:33 CEST