Kae Verens wrote:
> Bryan O'Donoghue wrote:
>>> The fact that MySQL may /let/ you away with it... doesn't necessarily
>> make it *correct* or *portable* betwixt databases; !!!
>>>> If I'm not mistaken ... some versions of SQLite... may actually
>> *enforce* this rule... !!
>>>>> I'd like to argue that the semi-colon is completely redundant in PHP'
> SQL calls. The semi-colon is used to delimit statements, and so is only
> really needed when you are going to use another statement in the same
> SQL call.
I might concede that point.
Besides what fun is SQL, if you don't spend 10 hours trying to fold into
one SQL statement, what could be easily accomplished in 2 or 3 statments...
" RIGHT OUTER JOIN on SELECT blah.x WHERE x in SELECT x.n y.d " ...
On the other hand... if you want to do transactions, rollbacks, commits,
etc...
> But - using multiple statements in single calls is an invitation for
> injection attacks.
How so ?
Once you validate your user input doesn't have SELECT, "DELETE"...
INSERT DROP or other harmful statments.... how does it make a difference
*how many* statments in the one execute operate on this data ?
--
Best Regards,
Bryan
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
