[sword-devel] Per Project news: - was Re: CrossWire news
Peter von Kaehne
refdoc at gmx.net
Mon Feb 14 09:13:39 MST 2011
Ok. I have messed up here massively.
Once Jon showed me the matter I added a string-to-integer parse step and then a further integer-to-string cast so all relevant holes are now covered. Wrong input will now result in an exception, but not expose holes. I guess one could introduce safe values in the exception handling instead of simply failing, but as this is not meant to be used by outsiders really, I see no good reason for that. Tell me if I am wrong.
I learned a lot here. Many thanks to all and particularly to Jon for pointing it out so gently.
In the meantime I have also read up on the suggestions of using a prepared statement. So maybe this is the next step forward. It certainly will be high on my consideration if I ever again touch SQL code and use outside input.
Yours
Peter
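The three stages the message describes, as an added illustration that is not Peter's code or CrossWire's: the original string splice, the parse-to-int-then-cast fix, and the prepared statement suggested as the next step. The in-memory SQLite table, column names and sample rows are constructed for the example and are not the project's schema.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the real database (assumption: not CrossWire's schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE modules (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    conn.executemany("INSERT INTO modules VALUES (?, ?, ?)",
                     [(1, "KJV", 0), (2, "ESV", 0), (3, "Draft", 1)])
    conn.commit()
    return conn

def lookup_unsafe(conn, raw_id):
    """The original pattern: untrusted input spliced straight into the SQL text."""
    sql = "SELECT name FROM modules WHERE id = " + raw_id + " AND hidden = 0"
    return [row[0] for row in conn.execute(sql)]

def lookup_int_cast(conn, raw_id):
    """The fix described in the mail: parse to int (junk raises ValueError,
    so nothing reaches the database), then cast the integer back to str."""
    module_id = int(raw_id)
    sql = "SELECT name FROM modules WHERE id = " + str(module_id) + " AND hidden = 0"
    return [row[0] for row in conn.execute(sql)]

def lookup_prepared(conn, raw_id):
    """The suggested next step: a parameterised statement. The value is bound
    by the driver, never interpolated, so the query text is fixed at all times.
    Keeping the int() parse as well gives the same fail-loudly behaviour."""
    module_id = int(raw_id)
    rows = conn.execute("SELECT name FROM modules WHERE id = ? AND hidden = 0",
                        (module_id,))
    return [row[0] for row in rows]

def rejects(lookup, conn, raw_id):
    """True if the lookup refuses the input with an exception instead of querying."""
    try:
        lookup(conn, raw_id)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    # The spliced version leaks the hidden row; the two hardened versions reject the input.
    print(lookup_unsafe(db, "3 OR 1=1"))
    print(rejects(lookup_int_cast, db, "3 OR 1=1"), rejects(lookup_prepared, db, "3 OR 1=1"))
```

Note that `AND` binds tighter than `OR`, which is why the spliced variant returns every row, hidden ones included, rather than only row 3.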