in reply to Re: Preventing SQL injection attacks: are -T and placeholders not enough?
in thread Preventing SQL injection attacks: are -T and placeholders not enough?

And how do you call the stored procedure and provide parameter values? Not by interpolating strings into the SQL, I hope.

If you don't use string interpolation, I guess you use placeholders, and we're back to the advice: always use placeholders.

The use of SPs is orthogonal to that issue.

/J

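Added example (editor's code, not posted by anyone in this thread) of the point the reply makes: the value reaches the database as a bind parameter whether the statement is a plain SELECT or a stored-procedure CALL, and only the SQL text itself must come from code. It assumes DBD::SQLite is installed for the offline part; the `find_user` procedure, the `SP_DSN`/`SP_USER`/`SP_PASS` environment variables and the `call_sp` helper are hypothetical names chosen for the demo, and the sample table and the attacker-controlled string are constructed.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread: string interpolation versus DBI
# placeholders, for a plain query and for a stored-procedure call.
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available, so the first part runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

# Constructed sample data.
$dbh->do('CREATE TABLE users (name TEXT, role TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')});

# Constructed attacker-controlled value (think: a CGI parameter).
my $input = "x' OR '1'='1";

# Unsafe: the value is spliced into the SQL text. The quote inside $input
# closes the literal and the remainder becomes part of the WHERE clause,
# so every row matches.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $rows = $dbh->selectall_arrayref(
        "SELECT name FROM users WHERE name = '$name'");
    return map { $_->[0] } @$rows;
}

# Safe: the value is a bind parameter. The parser never sees it as SQL,
# so the quote and the OR are just characters to compare against.
sub lookup_placeholder {
    my ($dbh, $name) = @_;
    my $rows = $dbh->selectall_arrayref(
        'SELECT name FROM users WHERE name = ?', undef, $name);
    return map { $_->[0] } @$rows;
}

# A stored procedure is called with exactly the same mechanism. The only
# thing that cannot be a placeholder is the procedure *name*, so that must
# come from code (or an allowlist), never from the request; the arguments
# are bound like any other parameter. 'call_sp' is a hypothetical helper.
sub call_sp {
    my ($dbh, $proc, @args) = @_;
    $proc =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/
        or die "refusing to call procedure with unexpected name: $proc";
    my $sql = "CALL $proc(" . join(', ', ('?') x @args) . ')';
    my $sth = $dbh->prepare($sql);
    $sth->execute(@args);
    return $sth;
}

printf "interpolated: %s\n", join(',', lookup_interpolated($dbh, $input));
printf "placeholder:  %s\n", join(',', lookup_placeholder($dbh, $input));

# SQLite has no stored procedures, so the CALL form only runs when pointed
# at a server that does. Assumption: SP_DSN names a MySQL/MariaDB database
# in which a procedure find_user(name) exists.
if (my $dsn = $ENV{SP_DSN}) {
    my $srv = DBI->connect($dsn, $ENV{SP_USER}, $ENV{SP_PASS},
        { RaiseError => 1 });
    my $sth = call_sp($srv, 'find_user', $input);
    my $rows = $sth->fetchall_arrayref;
    printf "stored procedure returned %d row(s)\n", scalar @$rows;
}
```

Run it with no environment set and the interpolated lookup lists both users while the placeholder lookup lists none; that difference is the whole argument for placeholders, and `call_sp` shows that moving the logic into a stored procedure changes the SQL text but not where the user's value has to go.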