[Zope-DB] Re: dynamic SQL
Wed, 9 Apr 2003 02:00:47 +0200
Jim Penny [email@example.com] wrote:
> Well, you have no security, whatsoever. Anyone who can access method
> variable_sql can do anything that they want to our database. Even if
> you somehow limit access to the method, you can't stop SQL injection.
> And you can't debug the SQL, since you have no idea of what will be
> Go to the trouble now. It will reduce your trouble later.
But you might want to check some Zope products out: