[devtalk] ASP help

David Precious dave at preshweb.co.uk
Mon Oct 26 13:12:28 GMT 2009


Robert Hoenig wrote:
> I would suggest using a stored procedure to do the work.  This would fix your
> SQL injection problems as it's much harder to inject SQL into a stored proc.

A stored procedure is almost certainly overkill and unnecessary 
complexity for what Riva needs; simply doing the queries properly, 
passing values via bind parameters rather than simply interpolating vars 
into the SQL, will take care of it perfectly well.
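
An added example, not part of the original message or of Riva's code: the same lookup written with the value interpolated into the SQL and with the value passed as a bind parameter, using Python's built-in sqlite3 as a stand-in for the ASP data layer. The table, the rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],
    )
    return conn

def find_interpolated(conn, name):
    """The 'before': the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, name):
    """The fix: the SQL text is constant; the value travels as a bind parameter."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def demo():
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    results = {
        # Interpolated: the quote closes the literal, the OR matches every row.
        "interpolated_hostile": find_interpolated(conn, hostile),
        # Bound: the whole string is compared as a name, which matches nothing.
        "bound_hostile": find_bound(conn, hostile),
        # Bound: a legitimate name containing an apostrophe works unchanged.
        "bound_apostrophe": find_bound(conn, "o'brien"),
    }
    try:
        # Interpolated: the same legitimate name breaks the statement.
        find_interpolated(conn, "o'brien")
        results["interpolated_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["interpolated_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The bound version needs no escaping logic in application code, and it also handles the ordinary apostrophe case that the interpolated query rejects.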

