Most of the DVR users I know seem to "forget" that they can fast forward and it's not an issue. What I can't wait for is when viewership is actually tracked instead of by some representative selection of people who never seem to like the shows I like.
You always have to think about what you are programming. Just because something is inside a prepared statement doesn't make it secure. Sure, it is a much better way to go, but if your procedures blindly pass data around (like an idiot I saw who was using 1 stored procedure for an entire project and simply 'executed' the SQL statement passed into the stored procedure), then you are not really buying yourself more protection. You always need to inspect input [period.]
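An added example, not part of the comment above, contrasting the catch-all procedure the commenter describes with a dedicated one that inspects and binds its input. It assumes SQLite, with Python functions standing in for stored procedures; the table, function names and inputs are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol');"
    )
    return conn

def sp_run_anything(conn, sql_text):
    # Stand-in for the catch-all procedure: the argument arrives as a
    # value, but the body executes that value as SQL.
    return conn.execute(sql_text).fetchall()

def find_user_via_catch_all(conn, name):
    # The caller concatenates input into SQL text and hands it over.
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return sp_run_anything(conn, sql)

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def sp_find_user(conn, name):
    # Dedicated procedure: input is inspected, the statement text is
    # fixed, and the value is only ever bound as data.
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("rejected user name")
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    conn = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input
    leaked = find_user_via_catch_all(conn, hostile)
    try:
        sp_find_user(conn, hostile)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected, sp_find_user(conn, "alice")

if __name__ == "__main__":
    print(demo())
```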