Lasso Team -

We have some DS code like this:

ds
->select('c.id AS customerID')
->from('customer c')
->where('c.email' = #email)
->limit(1)

Do we need to ->encodesql the #email variable to prevent possible sql
injection?

We've not been, because we assumed it was handled DS-side. Maybe a bad
assumption.

Thanks for any insights.

- Justin

#############################################################

This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>