>
> Cliff, I will definitely look up on the topic of MySQL injection
> attacks. Does using DAL better protect me against such attacks?
>
The DAL automatically protects against SQL injection. You can do it on your
own as well.
Note, the DAL is needed for SQLFORMs, Auth, and SQLFORM.grid. The DAL Rows
and Row objects also make it a lot easier to work with result sets and
update records. It's fine to avoid the DAL as a pure learning exercise, but
if you're building a serious app intended for production, you probably
should plan to use the DAL. Note, if you add {{=response.toolbar()}} in
your layout.html (during development), you can see the SQL that the DAL
generates for each query -- that may help you to learn SQL as well.
Anthony
--
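
An added example, not part of the reply above and not web2py code, of protecting a query "on your own" with bound parameters in Python's DB-API. It assumes `sqlite3` in place of MySQL so that it runs offline; the `person` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO person (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_unsafe(conn, name):
    # Before: the input is pasted into the SQL text, so a quote character
    # in `name` becomes part of the statement instead of part of the value.
    sql = "SELECT name, email FROM person WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_safe(conn, name):
    # After: the statement text is fixed and the driver binds `name` as data.
    # sqlite3 uses ? as the placeholder; MySQL drivers such as PyMySQL use %s.
    return conn.execute(
        "SELECT name, email FROM person WHERE name = ?", (name,)
    ).fetchall()


def find_safe_prefix(conn, prefix):
    # Binding alone does not neutralise LIKE wildcards, so escape % and _
    # before binding when the input must be matched literally.
    escaped = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute(
        "SELECT name FROM person WHERE name LIKE ? ESCAPE '\\'", (escaped + "%",)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", find_unsafe(db, crafted))   # every row comes back
    print("safe:  ", find_safe(db, crafted))     # no row has that name
    print("prefix:", find_safe_prefix(db, "al"))
```
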