No such thing as a small change | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
If your program is the source of the column names, then there shouldn't be a concern. You typically have problems with SQL-injection issues when a third-party can put in bits of code that can mess up the database. For example, in your first case, your program is supplying the names, so you don't have to worry. But if it were more like:
Then you're opening the door for someone to hose your database. ...roboticus When your only tool is a hammer, all problems look like your thumb. In reply to Re: Safety of concatenating query string
by roboticus
|
|