Right, and in the end this should be done on a per-site basis through the
input filtering mechanism I added to PHP5 a while ago.

-Rasmus

On Thu, 14 Aug 2003, Ilia Alshanetsky wrote:

> First of all this discussion bears no relevance to the 4.3.3 release as sqlite
> is NOT part of this release. Secondly this is just plain silly. PHP is not
> and is not responsible for validating input. If the user chooses not to and
> consequently leaves their scripts vulnerable to SQL injection it is their
> fault and their fault alone.
> Ability to chain queries is an extremely useful feature that most database
> systems support (even MySQL as of version 4.0). To cripple or disable such
> functionality would be absolute idiocy not to mention break backwards
> compatibility to older versions where this was possible. Adding more run-time
> directives (as suggested by Hartmut Holzgraefe) is a bad idea as it makes
> writing portable code extremely difficult as each system may have a
> drastically different behavior due to an ini option.
>
> Ilia
>
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
