[Greg Hunt]

| I thought either PHP or MySQL won't allow more than one query in a
| mysql_query() call.

PostgreSQL (which I use) supports it. MySQL did not support it the last time I checked (a long time ago), but I found a TODO item that stated it should be supported in the future.

I still think it is a bad idea to let anyone pass whatever they wish to the database. What happens when you upgrade your database to a product/version that supports what the original database did not? Who is responsible for fixing the new security problems? Will anyone realise that you have any problems to fix at all, as soon as all functionality is in place?

Letting it through because "the database I currently use does not support it" has very little to do with secure programming. In my humble opinion.

Sverre.

--
shhat_private
Computer Geek? Try my Nerd Quiz
http://shh.thathost.com/ http://nerdquiz.thathost.com/
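The upgrade scenario from the message above, as an added example that is not part of the original post: Python's `sqlite3` stands in for the PHP/MySQL case, with `execute()` as the driver that accepts one statement per call and `executescript()` as the one that accepts several. The table, the function names and the input string are constructed for illustration.

```python
import sqlite3

# Constructed input: closes the string literal and appends a second statement.
HOSTILE = "nobody'; DELETE FROM users WHERE 'a'='a"

def fresh_db():
    """In-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE users(name TEXT);"
        "INSERT INTO users VALUES ('alice');"
        "INSERT INTO users VALUES ('bob');"
    )
    return db

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def lookup_concat_single(db, name):
    """Concatenated SQL sent through an API that takes one statement per call."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return db.execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return None  # the driver refused the trailing statement; the code is still flawed

def lookup_concat_multi(db, name):
    """The identical string after moving to an API that accepts several statements."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    db.executescript(sql)  # every statement in the string is executed

def lookup_param(db, name):
    """Placeholder binding: the value is data and is never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    out = {}
    db = fresh_db()
    out["single_refused"] = lookup_concat_single(db, HOSTILE) is None
    out["rows_after_single"] = row_count(db)   # table intact only because of the driver
    lookup_concat_multi(db, HOSTILE)
    out["rows_after_multi"] = row_count(db)    # same application code, table emptied
    db = fresh_db()
    out["param_result"] = lookup_param(db, HOSTILE)
    out["rows_after_param"] = row_count(db)    # safe regardless of driver behaviour
    return out

if __name__ == "__main__":
    print(demo())
```
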
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 14:48:43 PDT