"keep moving" aside, I actually do believe this to be a bad thing. While the core team was not active in the development, they did still help steer direction. These are the folks that would say, "that will break things" - when it otherwise may not be obvious that "n" change could break things. This is a loss of experience, but the core team obviously feels that there are enough checks and balances to keep things from breaking.
Magical!? Yes. It's really easy in fact. Simply do NOT use direct user input within an SQL statement. That seems really restrictive but it's not - it simply requires that you push back CHOICES to the user in creating your form...
all
sara
john
...then you use the values (validated to be only numbers) to back-fill your SQL statement.
If you are really feeling risky, then at the very least make sure that every character you receive is [A-Za-z0-9 ], length verify it to make sure it matches the length of your field, and reject anything with single or double quotes embedded.
It's not magic, it's... programming.
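The approach the comment above describes, as an added example written for this page (it is not code from the original poster): the form offers choices, the server maps the submitted number back to a value it controls, and the fallback for a free-text field is the character whitelist plus a length check. The user table, the choice values (0 = all, 1 = sara, 2 = john) and the field length are constructed assumptions for the demo. One thing the example adds beyond the comment's advice: the free-text variant binds the validated value as a parameter instead of splicing it into the statement, and a deliberately vulnerable function is included so the injection can be seen working against sqlite3.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the original post).
SAMPLE_ROWS = [(1, "sara"), (2, "john"), (3, "eve")]

# Hypothetical form: a <select> offering "all" (value 0), "sara" (value 1) and
# "john" (value 2). The browser submits a number; the server decides what it means.
OFFERED_IDS = {1, 2}
ALL_USERS = 0

DIGITS_ONLY = re.compile(r"[0-9]{1,3}")     # "validated to be only numbers"
WHITELIST = re.compile(r"[A-Za-z0-9 ]*")    # the fallback whitelist from the post


def open_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn, raw):
    """Deliberately vulnerable: what the post warns against.

    Raw request input is spliced straight into the statement, so "1 OR 1=1"
    turns a single-user lookup into a dump of the whole table.
    """
    sql = f"SELECT id, name FROM users WHERE id = {raw} ORDER BY id"
    return conn.execute(sql).fetchall()


def parse_choice(raw):
    """Accept only a short digit string that names a choice the form offered."""
    if not DIGITS_ONLY.fullmatch(raw):
        return None
    key = int(raw)
    if key == ALL_USERS or key in OFFERED_IDS:
        return key
    return None


def lookup_by_choice(conn, raw):
    """The post's approach: map the submitted choice to a server-side value and back-fill it.

    Returns the matching rows, or None if the input was rejected.
    """
    key = parse_choice(raw)
    if key is None:
        return None
    if key == ALL_USERS:
        return conn.execute("SELECT id, name FROM users ORDER BY id").fetchall()
    # key is a validated int from our own choice table, so splicing it in is safe here.
    return conn.execute(f"SELECT id, name FROM users WHERE id = {key}").fetchall()


def validate_free_text(raw, field_len):
    """Fallback check from the post for a free-text field: whitelist, length, no quotes."""
    if len(raw) > field_len:
        return None
    if not WHITELIST.fullmatch(raw):
        return None
    # The whitelist already excludes quotes; the explicit check mirrors the post's wording.
    if "'" in raw or '"' in raw:
        return None
    return raw


def lookup_by_free_text(conn, raw, field_len=32):
    """Free-text lookup: whitelist-validate, then bind the value as a parameter.

    Binding is an addition to the post's advice: even a validated string should
    not be spliced into SQL by hand. Returns None if the input was rejected.
    """
    name = validate_free_text(raw, field_len)
    if name is None:
        return None
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print("unsafe, injected:    ", lookup_unsafe(db, "1 OR 1=1"))
    print("choice 1:            ", lookup_by_choice(db, "1"))
    print("choice injected:     ", lookup_by_choice(db, "1 OR 1=1"))
    print("free text ok:        ", lookup_by_free_text(db, "sara"))
    print("free text injected:  ", lookup_by_free_text(db, "sara' OR '1'='1"))
```

Note that `lookup_by_choice` rejects "3" even though a user with id 3 exists: the form never offered that choice, so the server has no reason to honour it. That is the real point of pushing choices to the user rather than only checking that the input is numeric.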