--- Michael Rasmussen <[EMAIL PROTECTED]> wrote: > I think you have misunderstod the concepts of making queries based > on user input. It is not the users who should create the query, all > to should do is provide the input to narrow down the queries.
To be honest, I think Pablo understands the concepts quite well, and you seem to have the misunderstanding. I'm happy to be wrong about this, but you'll need to explain yourself more instead of making these types of vague statements. As it is, I just don't buy your argument at all. How can user input only narrow down queries? Are you telling me that you've never had to write an application that had to store data originating from a foreign source? If so, that's fine, but don't use your inexperience to try to convince others that data filtering is unnecessary. If you're only talking about SELECT statements, that's also fine, but it's also rather irrelevant to the topic at hand (which might explain the confusion). Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
