Aug 19, 2016; 18:10
Justin Dennis
DS SQL Injection Question
Lasso Team -
We have some DS code like this:
ds
->select('c.id AS customerID')
->from('customer c')
->where('c.email' = #email)
->limit(1)
Do we need to ->encodesql the #email variable to prevent possible sql
injection?
We've not been, because we assumed it was handled DS-side. Maybe a bad
assumption.
Thanks for any insights.
- Justin
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>
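The question above comes down to one test: what does the query builder do with a value that contains a quote? Below is an added example, not code from the thread and not Lasso or DS code, that reproduces the same query in Python against an in-memory SQLite table, once with the value spliced into the SQL text and once with it passed as a bound parameter, and then feeds both a hostile address. The table contents, the e-mail addresses and the hostile value are all constructed for the example; running the equivalent probe against the real DS library is how you would confirm whether `'c.email' = #email` is escaped or bound for you.

```python
import sqlite3

# Constructed sample data (not from the thread): a small customer table.
SAMPLE_CUSTOMERS = [
    (1, "alice@example.com"),
    (2, "bob@example.com"),
    (3, "carol@example.com"),
    (4, "o'brien@example.com"),  # a legitimate address containing a quote
]

# Constructed hostile input: closes the string literal and appends a tautology.
HOSTILE_EMAIL = "nobody@example.com' OR '1'='1"


def make_db():
    """Build an in-memory customer table matching the query in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_concat(conn, email):
    """Vulnerable form: the value becomes part of the SQL text.

    Any quote in `email` terminates the literal, so the rest of the value
    is parsed as SQL. This is what an unescaped, unbound value looks like.
    """
    sql = (
        "SELECT c.id AS customerID FROM customer c "
        f"WHERE c.email = '{email}' LIMIT 1"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, email):
    """Safe form: the value travels as a bound parameter.

    The SQL text is fixed; the driver hands the value to the engine
    separately, so quotes in it are just characters, never syntax.
    """
    sql = "SELECT c.id AS customerID FROM customer c WHERE c.email = ? LIMIT 1"
    return [row[0] for row in conn.execute(sql, (email,))]


def leaks_on_hostile_input(builder):
    """Probe a query builder: does a non-existent address return a row?

    With LIMIT 1 in the query the leak is a single row rather than the
    whole table, but any row at all for an address that is not in the
    table means the value reached the SQL parser.
    """
    conn = make_db()
    try:
        return len(builder(conn, HOSTILE_EMAIL)) > 0
    finally:
        conn.close()


if __name__ == "__main__":
    db = make_db()
    print("concat, hostile:", lookup_concat(db, HOSTILE_EMAIL))
    print("bound,  hostile:", lookup_bound(db, HOSTILE_EMAIL))
    print("bound,  quoted address:", lookup_bound(db, "o'brien@example.com"))
    print("concat leaks:", leaks_on_hostile_input(lookup_concat))
    print("bound leaks: ", leaks_on_hostile_input(lookup_bound))
```

The spliced version returns customer 1 for an address that does not exist, because the `OR '1'='1'` matches every row and `LIMIT 1` hands back the first; the bound version returns nothing for the hostile value and still finds `o'brien@example.com` correctly, which is the second thing escaping has to get right. The same two inputs, a tautology and a legitimate address with an apostrophe, are the probe to run against any builder whose escaping behaviour you have assumed rather than verified.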
Aug 19, 2016; 23:58
Ke Carlton
Re: DS SQL Injection Question