Re: Auditing Code (security wise)

by Dave_L on 2007/12/10 12:27:19

I don't think queryf bypasses the text sanitizer; it just allows non-SELECT queries, such as UPDATE and INSERT, to be done when processing a GET request. But I agree that queryf should only be used in special situations when it's really needed.