> >> It's a classic story. I'm volunteering about one day per month for
> >> this project, learning SQL as I go. Priority was always given to
> the
> >> "get it working" tasks and never the "make it safe" tasks. I
> had/have
> >> grandiose plans to rewrite the whole system properly after I
> graduate.
> >> Unfortunately, the inevitable corruption didn't wait that long.
> > As you're learning, it sounds like parametrized queries might have
> saved you
> > from the sql injection that caused this.
>
> Very true, and always a good idea. However, OPs true failure here is
> on the backup front. Without recent, reliable backups, on another
> machine / media / datacenter etc. is the only way your data can be
> truly safe.
[Spotts, Christopher]
Oh absolutely. Regardless of anything you do on the functional aspect, you'd
still need backups. I was just saying that if you're eventually going to
redesign (like mentioned), a nudge towards parameterized queries doesn't
hurt.