On Thu, Jun 11, 2009 at 1:32 PM, Chris Spotts <rfusca@gmail.com> wrote:
>
>> It's a classic story. I'm volunteering about one day per month for
>> this project, learning SQL as I go. Priority was always given to the
>> "get it working" tasks and never the "make it safe" tasks. I had/have
>> grandiose plans to rewrite the whole system properly after I graduate.
>> Unfortunately, the inevitable corruption didn't wait that long.
> As you're learning, it sounds like parametrized queries might have saved you
> from the SQL injection that caused this.
Very true, and always a good idea. However, OP's true failure here is
on the backup front. Having recent, reliable backups on another
machine / media / datacenter etc. is the only way your data can be
truly safe.