Proper way to instantiate a class
Message
General information
Forum: ASP.NET
Category: Class design
Miscellaneous
Thread ID: 01079105
Message ID: 01079260
Views: 22
>With SQL server (if that is the database in question) someone could inject extra SQL statements where you concatenate your SQL string...
>
>SQL server can process multiple sql statements in a batch. For instance they could enter SELECT * from users or some other statement in the username property you are using and SQL will run another query.
>
>Here's a more detailed article on SQL injection
>
>http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
>You can also google "SQL injection" to find a number of articles on the subject.

Only within code this method can be accessed. So, we control that environment. Unless I am missing something here, I don't see any situation where someone could cause a problem in here. Unless such environment would be in a place where one developer would have bad intentions. I have used this approach on numerous VFP projects as well. Only within code such methods can be accessed, thus within EXE or DLL.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
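Added example, not part of the thread or of any poster's code: a lookup class whose methods are callable only from code, with the concatenated query beside a parameterized one, to show that what matters is where the username value comes from. Python's sqlite3 stands in for SQL Server here, and the table, class and method names and the sample values are assumptions made for illustration.

```python
import sqlite3

# Assumption: in-memory SQLite stands in for SQL Server; all names are hypothetical.


def make_db():
    """Build a small users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [("alice",), ("bob",), ("carol",)])
    return db


class UserLookup:
    """Both methods are reachable only from code, but `username` holds
    whatever the form or page handler assigned to the property."""

    def __init__(self, db, username):
        self.db = db
        self.username = username

    def find_concatenated(self):
        # Vulnerable form: the property value becomes part of the SQL text,
        # so a quote inside it ends the string literal and the rest is parsed as SQL.
        sql = "SELECT id FROM users WHERE username = '" + self.username + "'"
        return [row[0] for row in self.db.execute(sql)]

    def find_parameterized(self):
        # Hardened form: the value is bound as data and is never parsed as SQL.
        sql = "SELECT id FROM users WHERE username = ?"
        return [row[0] for row in self.db.execute(sql, (self.username,))]


# Constructed sample inputs: an ordinary name and a value containing a quote.
ORDINARY = "bob"
HOSTILE = "nobody' OR '1'='1"


def compare(username):
    """Return (concatenated result, parameterized result) for one input."""
    lookup = UserLookup(make_db(), username)
    return lookup.find_concatenated(), lookup.find_parameterized()


if __name__ == "__main__":
    print("ordinary:", compare(ORDINARY))
    print("hostile: ", compare(HOSTILE))
```

With the ordinary name both forms return the same single row; with the quoted value the concatenated form returns every user id while the parameterized form returns none.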