Re: Programmers toolkit - C api sprintf-like mysql_query()

From: Lew Pitcher <lew.pitcher_at_digitalfreehold.ca>
Date: Sun, 02 Jul 2017 15:46:33 -0400
Message-ID: <ojbibj$unh$2_at_dont-email.me>


Jerry Stuckle wrote:

[snip]

> Ensure you call mysql_real_escape_string() for all non-numeric values
> that come from external sources. Failure to do so can lead to a SQL
> injection attack.

Thanks for the reminder, Jerry.

I don't see, however, how that suggestion has anything directly to do with the code I posted, or the implementation pattern it replaces.

To me, it is about as helpful as also reminding everyone who read my post that they must call mysql_init() to obtain a valid dbm handle; it's true, and important, but irrelevant to the current discussion.

But, thanks anyway for the reminder.

-- 
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request
Received on Sun Jul 02 2017 - 21:46:33 CEST
