On Tue, 2006-07-11 at 11:04, Jan Wieck wrote:
> On 6/30/2006 1:07 PM, Merlin Moncure wrote:
>
> > * mysql has a few features here and there which are nice...just to
> > name a few, flush tables with lock, multiple insert, etc
> The multiple insert stuff is not only non-standard, it also encourages
> the bad practice of using literal values directly in the SQL string
> versus prepared statements with place holders.
I thought it was in the SQL 99 standard...
> It is bad practice
> because it introduces SQL injection risks since the responsibility of
> literal value escaping is with the application instead of the driver.
agreed, however.
