Re: Multiple databases
Hi Rick
An extract from my code.
CREATE DATABASE $sql_database;
GRANT ALL PRIVILEGES ON $sql_database.* TO '$sql_user'@'$sql_host' IDENTIFIED BY '$sql_passwd';
GRANT ALL PRIVILEGES ON $sql_database.* TO '$sql_user'@'%' IDENTIFIED BY '$sql_passwd';
The variables here are regular expression forced/tested to be alpha-numeric prior to execution - so I think my grants are ok.
Interested in knowing more about how and why prepared statements still don't necessarily block injection attacks and what I should be doing instead or in addition? I had thought that blocking injection attacks was a large advantage of prepared statements (well that and speed if executing the same construct repeatedly).
Subject
Written By
Posted
Re: Multiple databases
April 26, 2011 01:23PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.