Thread: Auth-1.3.1RC1 (beta) Released.

2006-08-14 23:54:29
----- Message from outtatimegmail.com ---------
>
> Daniel Convissor wrote:
>> In your initial post, I thought you were talking about
>> values.  I think automatically delimiting identifiers is a bad idea.
>>
>> Field names entered into queries from program settings like
>> this do not constitute SQL injection.
>
> Does it account for someone having previously fed it a quoted fieldname?  Or
> will it double quote things?
>
> If it can account for that... what is the harm? Dan may have a valid point,
> I'm just not sure from what he wrote what makes it a bad idea (other than
> that it is not necessary).
>
> What potential problems might we face?
>

Quoting my original email:

Basically it does automatic quoting of table and field names. If
you've been adding your own quoting (i.e. for using table field names
with capital letters in PostgreSQL, using field names that are reserved
words) this latest patch will cause your application to break.

-- 
PEAR Development Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
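
The double-quoting concern raised in this thread, as an added PHP illustration that is not part of the original message and is not code from PEAR Auth or PEAR DB. It assumes PostgreSQL-style identifier quoting (wrap in double quotes, double any embedded quote); all function names and sample field names are hypothetical.

```php
<?php
// Added illustration; not code from PEAR Auth or PEAR DB.
// Assumption: PostgreSQL-style identifier quoting, where the name is wrapped
// in double quotes and an embedded double quote is escaped by doubling it.

/** Quote unconditionally, the way an automatic quoting layer would. */
function quote_identifier(string $name): string
{
    return '"' . str_replace('"', '""', $name) . '"';
}

/** True when $name is already one well-formed quoted identifier. */
function is_quoted_identifier(string $name): bool
{
    // Opening quote, then non-quote characters or doubled quotes, then a
    // closing quote. The D modifier stops "$" matching before a newline.
    return preg_match('/^"(?:[^"]|"")+"$/D', $name) === 1;
}

/** Quote only when needed, so a caller-quoted name passes through as-is. */
function quote_identifier_once(string $name): string
{
    return is_quoted_identifier($name) ? $name : quote_identifier($name);
}

// Constructed sample settings: a bare name, a caller-quoted mixed-case name,
// and a caller-quoted reserved word.
$fields = ['username', '"UserName"', '"user"'];

foreach ($fields as $field) {
    // "always" shows the breakage: "UserName" becomes """UserName""", which
    // names a column whose literal name includes the quote characters.
    printf(
        "%-12s always: %-16s once: %s\n",
        $field,
        quote_identifier($field),
        quote_identifier_once($field)
    );
}
```

The pass-through check is only a heuristic: a column whose real name begins and ends with a double-quote character looks the same as a caller-quoted name, so the two cases cannot be told apart from the string alone.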
