|
|
Posted by Curtis on 02/07/07 08:59
On Mon, 05 Feb 2007 23:10:36 -0800, Rik <luiheidsgoeroe@hotmail.com> wrote:
> Toby A Inkster <usenet200701@tobyinkster.co.uk> wrote:
>
>> Jerry Stuckle wrote:
>>
>>> Don't be dense, Tony. This is obviously some debug code. In the real
>>> code he would be opening the connection and executing the sql.
>>
>> That's your assumption.
>>
>> My assumption is that in the real code, *if* he opened a connection to
>> the
>> database, then he'd be sure to authenticate the user first, by at least
>> username/password and preferably IP address too.
>>
>> Besides which, there are perfectly good reasons you might want to pass a
>> SQL query to a script that does not execute it.
>
> Sure there are. And all of them are better served with a POST.
Unless you specifically want the page state bookmarkable.
--
Curtis, http://dyersweb.com
[Back to original message]
|