Proper way to instantiate a class
Message
General information
Forum: ASP.NET
Category: Class design
Miscellaneous
Thread ID: 01079105
Message ID: 01079260
Views: 21
>With SQL server (if that is the database in question) someone could inject extra SQL statements where you concatenate your SQL string...
>
>SQL server can process multiple SQL statements in a batch. For instance they could enter SELECT * from users or some other statement in the username property you are using and SQL will run another query.
>
>Here's a more detailed article on SQL injection
>
>http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
>You can also google "SQL injection" to find a number of articles on the subject.

Only within code this method can be accessed. So, we control that environment. Unless I am missing something here, I don't see any situation where someone could cause a problem in here. Unless such environment would be in a place where one developer would have bad intentions. I have used this approach on numerous VFP projects as well. Only within code such methods can be accessed, thus within EXE or DLL.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
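
The concatenation pattern discussed in this thread, next to a parameterized command, as an added example that is not code from either poster or from the thread's project. The table, column and class names are hypothetical, the input string is constructed, and the code assumes `System.Data.SqlClient` is available (.NET Framework, or the NuGet package of the same name); no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: .NET Framework, or the System.Data.SqlClient package

public static class LoginQueryDemo
{
    // Hypothetical table and column names; the thread does not show the real schema.
    const string Template = "SELECT UserId FROM Users WHERE UserName = ";

    // Pattern described in the quoted message: the value is spliced into the SQL text.
    public static string BuildConcatenated(string userName)
    {
        return Template + "'" + userName + "'";
    }

    // Parameterized form: the SQL text is fixed and the value travels separately as data.
    public static SqlCommand BuildParameterized(string userName)
    {
        SqlCommand cmd = new SqlCommand(Template + "@userName");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample input: a quote followed by the second statement
        // the quoted message mentions.
        string input = "x'; SELECT * FROM users --";

        // The text that would be sent to the server now holds two statements in one batch.
        Console.WriteLine("Concatenated : " + BuildConcatenated(input));

        // The command text is unchanged; the input is only the parameter's value.
        using (SqlCommand cmd = BuildParameterized(input))
        {
            Console.WriteLine("Parameterized: " + cmd.CommandText);
            Console.WriteLine("  @userName  = " + cmd.Parameters["@userName"].Value);
        }
    }
}
```

With the parameterized command the server compares `UserName` against the whole input string as a literal value, so the embedded statement is never parsed as SQL.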