From: Dan Nelson
Date: September 29 2003 5:42am
Subject: Re: SQL Injection
List-Archive: http://lists.mysql.com/mysql/150679
Message-Id: <20030929054206.GI25442@dan.emsphone.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

In the last episode (Sep 28), Tony Thomas said:
> I've been hearing a bit about SQL injection lately, but the only
> documentation I can find refers to Microsoft or Oracle. Anyone know
> of good articles about injection in MySQL? Prevention? Detection? Is
> MySQL less vulnerable?

I would guess that it depends less on the database used and more on the
ability of the programmer. Use of bind variables or your API's
quoting/escaping functions should completely eliminate the possibility of
injecting SQL. It's basic security.

-- 
	Dan Nelson
	dnelson@stripped