Re: Stripping apostrophes from data - Mailing list pgsql-general

From Michael Glaesemann
Subject Re: Stripping apostrophes from data
Date
Msg-id FC287033-6E0E-4951-8C8B-369BF9BB31C6@seespotcode.net
In response to Re: Stripping apostrophes from data  (Andrew Edson <cheighlund@yahoo.com>)
List pgsql-general
[Please don't top post as it makes the discussion more difficult to
follow.]

On Aug 20, 2007, at 13:21, Andrew Edson wrote:

> The dollar quoting appears to have fixed it; thank you.  I
> apologize for my folly in sending out the original message.

I think this might be giving you a false sense of security. It looks
like I wasn't the only one to think you're probably doing something
unsafe. If you're interested in improving your code to make sure this
can never be a problem, look into bind variables (and prepared
statements). If you're directly interpolating variables into a query
string, you're just asking for trouble, regardless of what quoting
method you're using.

Michael Glaesemann
grzm seespotcode net



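As an added example (not part of Michael's message or of the thread), the following shows the difference he describes: a value pasted into the SQL text, whether with single quotes or with PostgreSQL dollar quoting, is still parsed as SQL, while a bind variable is sent separately from the statement and is never parsed at all. It uses Python's built-in sqlite3 module as a stand-in for a PostgreSQL driver so it runs without a server; the `customers` table and the names in it are constructed, and `dollar_quoted_query` only builds statement text because sqlite3 does not understand `$$...$$` quoting.

```python
import sqlite3

# Constructed sample data (assumption): a small customers table with names
# that contain apostrophes, the case the thread is about.
SAMPLE_NAMES = ["O'Brien", "Smith", "D'Angelo"]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    conn.commit()
    return conn


def interpolated_query(name):
    """The pattern warned against: the value becomes part of the SQL text."""
    return "SELECT id FROM customers WHERE name = '%s'" % name


def dollar_quoted_query(name):
    """Same pattern with PostgreSQL dollar quoting.

    A lone apostrophe no longer terminates the literal, but the value is still
    SQL text: any input containing "$$" closes the literal early, so the
    statement the server sees depends on the data. Text only; sqlite3 cannot
    run this form.
    """
    return "SELECT id FROM customers WHERE name = $$%s$$" % name


def find_interpolated(conn, name):
    """Run the interpolated form; report a parse failure instead of raising."""
    try:
        return [row[0] for row in conn.execute(interpolated_query(name))]
    except sqlite3.OperationalError as exc:
        # "O'Brien" ends the literal at the apostrophe and leaves stray tokens.
        return "syntax error: %s" % exc


def find_bound(conn, name):
    """Bind variable: the driver passes the value separately from the SQL.

    The database never tokenises the value, so apostrophes, "$$" or anything
    else in it are just characters to compare against the column.
    """
    return [row[0] for row in conn.execute("SELECT id FROM customers WHERE name = ?", (name,))]


if __name__ == "__main__":
    db = make_db()
    for n in ("O'Brien", "Smith", "a$$b"):
        print("interpolated:", repr(n), "->", find_interpolated(db, n))
        print("dollar-quoted text:", dollar_quoted_query(n))
        print("bound:", repr(n), "->", find_bound(db, n))
```

The usage at the bottom shows the apostrophe in "O'Brien" breaking the interpolated statement while the bound form returns the row, and shows how a value containing "$$" changes the dollar-quoted statement text. With a real PostgreSQL driver the bound form is the same idea: a `%s` or `$1` placeholder in the SQL and the value handed to the driver as a separate argument.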