From: Paul Davis (pjdavis_at_[hidden])
Date: 2006-09-12 11:34:04
On 9/12/06, loufoque <mathias.gaunard_at_[hidden]> wrote:
>
> Scott Meyers wrote:
>
> > An example:
> > System.Data.SqlClient.SqlParameter is a class that describes a bound
> > parameter used in a database statement. Bound parameters are essential
> > to prevent SQL injection attacks. They should be exceedingly easy to use
> > since the "competition" (string concatenation of parameters into the SQL
> > statement) is easy, well understood, and dangerous.
>
> You can construct safe SQL queries with streams or printf-like syntax
> easily
    std::string id = "2 ; delete from persons ;";   // attacker-supplied input
    sql << "select first_name, last_name, date_of_birth "
        << "from persons where id = " << id;
Someone just deleted your persons table. Oops.
> No need to put objects everywhere that complexify everything.
> _______________________________________________
> Boost-users mailing list
> Boost-users_at_[hidden]
> http://listarchives.boost.org/mailman/listinfo.cgi/boost-users
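The concatenation-versus-binding point made in this exchange, as an added example that is not part of the original thread or of Boost. Python's bundled sqlite3 module is used instead of C++ streams so that the statement actually runs against a SQL engine offline; the persons table, its rows, and the two payloads are constructed for the demo. Because sqlite3's execute() refuses more than one statement per call, executescript() stands in for a driver that runs stacked statements the way the "delete from persons" payload needs.

```python
import sqlite3

# Constructed sample rows for the demo; not data from the original message.
SEED_ROWS = [
    (1, "Ada", "Lovelace", "1815-12-10"),
    (2, "Alan", "Turing", "1912-06-23"),
    (3, "Grace", "Hopper", "1906-12-09"),
]

SELECT_PREFIX = (
    "select first_name, last_name, date_of_birth from persons where id = "
)
BOUND_QUERY = SELECT_PREFIX + "?"


def fresh_db():
    """In-memory persons table seeded with SEED_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table persons ("
        "id integer primary key, first_name text, last_name text, "
        "date_of_birth text)"
    )
    conn.executemany("insert into persons values (?, ?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def count_persons(conn):
    return conn.execute("select count(*) from persons").fetchone()[0]


def build_concatenated(id_value):
    """VULNERABLE: the value is spliced into the statement text, exactly
    like the stream example in the thread. Whatever the string contains
    is parsed as SQL, so it can change the statement's structure."""
    return SELECT_PREFIX + id_value


def select_with_concatenation(conn, id_value):
    """Run the concatenated text as one statement. sqlite3.execute() rejects
    stacked statements, so only single-statement injections (tautologies,
    unions, ...) are reachable through this path."""
    return conn.execute(build_concatenated(id_value)).fetchall()


def select_then_stacked(conn, id_value):
    """Stand-in for a driver that executes every statement in the text.
    executescript() does that on sqlite3. Returns the rows left in persons
    afterwards, which is the number that matters for the delete payload."""
    conn.executescript(build_concatenated(id_value))
    return count_persons(conn)


def select_with_binding(conn, id_value):
    """Bound parameter: the SQL text is fixed at 'id = ?' and the value
    travels to the engine separately, so it can only ever be compared
    against id and is never parsed as SQL."""
    return conn.execute(BOUND_QUERY, (id_value,)).fetchall()


def demo():
    """What each approach does with an honest id and with two payloads."""
    honest = "2"
    leak = "2 or 1=1"                    # tautology: dumps every row
    wipe = "2 ; delete from persons ;"   # stacked statement from the thread
    results = {
        "concat_honest": select_with_concatenation(fresh_db(), honest),
        "concat_leak": select_with_concatenation(fresh_db(), leak),
        "concat_wipe_rows_left": select_then_stacked(fresh_db(), wipe),
        "bound_honest": select_with_binding(fresh_db(), honest),
        "bound_leak": select_with_binding(fresh_db(), leak),
    }
    db = fresh_db()
    results["bound_wipe"] = select_with_binding(db, wipe)
    results["bound_wipe_rows_left"] = count_persons(db)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With binding, "2" still finds Alan Turing (SQLite applies the integer column's affinity to the bound text), while both payloads simply fail to match any id and the table keeps its three rows. The fact that sqlite3's execute() happens to refuse the stacked payload is a property of that one driver, not a defence that concatenation gives you.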