On 9/12/06, loufoque wrote:
> Scott Meyers wrote:
> > An example: System.Data.SqlClient.SqlParameter is a class that describes a bound parameter used in a database statement. Bound parameters are essential to prevent SQL injection attacks. They should be exceedingly easy to use since the "competition" (string concatenation of parameters into the SQL statement) is easy, well understood, and dangerous.
> You can construct safe SQL queries with streams or printf-like syntax easily.
std::string id = "2 ; delete from persons ;";
std::ostringstream sql;  // the untrusted id is spliced straight into the statement text
sql << "select first_name, last_name, date_of_birth "
       "from persons where id = " << id;
Someone just deleted your persons table. Oops.

> No need to put objects everywhere that complexify everything.

_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
http://lists.boost.org/mailman/listinfo.cgi/boost-users
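The contrast the thread is arguing about, as an added example that is not from the original post or from Boost: the same lookup built by concatenation and by a bound parameter, run against Python's built-in sqlite3 as a stand-in database (the `persons` table, its rows, and the use of `executescript` to mimic a driver that accepts several statements in one string are all assumptions made for the demo).

```python
import sqlite3

# Constructed sample rows; the columns match the query in the post.
PERSONS = [
    (1, "Ada", "Lovelace", "1815-12-10"),
    (2, "Alan", "Turing", "1912-06-23"),
]

SELECT = "select first_name, last_name, date_of_birth from persons where id = "


def fresh_db():
    """In-memory database seeded with the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("create table persons (id integer primary key, "
                "first_name text, last_name text, date_of_birth text)")
    con.executemany("insert into persons values (?, ?, ?, ?)", PERSONS)
    return con


def count_persons(con):
    return con.execute("select count(*) from persons").fetchone()[0]


def lookup_concatenated(con, user_id):
    # The stream / printf style: the untrusted value becomes part of the SQL text,
    # so the engine parses whatever it contains as statements. executescript is
    # used here (assumption) to behave like a driver that runs every statement.
    con.executescript(SELECT + user_id)


def lookup_bound(con, user_id):
    # Bound parameter: the value is shipped separately from the statement, so the
    # parser only ever sees "id = ?" and the value is compared, never executed.
    return con.execute(SELECT + "?", (user_id,)).fetchall()


def demo():
    hostile = "2 ; delete from persons ;"   # the payload from the post
    con = fresh_db()
    lookup_concatenated(con, hostile)
    rows_after_concat = count_persons(con)  # 0: the delete ran
    con = fresh_db()
    matched = lookup_bound(con, hostile)    # []: no row has that id, nothing else happens
    rows_after_bound = count_persons(con)   # 2: table intact
    return rows_after_concat, len(matched), rows_after_bound
```

With a legitimate value such as "2" the bound version still finds the row, so the safety costs nothing in usability.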