I have been looking at the LightSpeed logs and noticed that the queries are not using parameters as you normally would with ADO.NET to avoid all sorts of problems (plus performance gains). Is there a reason for this? Should we be afraid of SQL injection attacks using LightSpeed?
Don't worry, all queries do use parameters, for exactly the reasons you cite. However, in the SQL logs we substitute the parameter values back in so as to make the SQL more readable. If you set context.VerboseLogging = true, you can see the parameters as well; similarly, if you use SQL Server Profiler or the equivalent for your preferred database, you will see the actual SQL without the substitutions, and can verify that all values are sent in parameters.
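An added illustration, not LightSpeed code and not part of the original thread: a small Python/sqlite3 sketch of the behaviour the reply describes, where the log line shows values substituted in for readability while the query itself runs with bound parameters. The names `render_for_log`, `find_users` and the `users` table are hypothetical, and the `?` substitution is a display-only simplification.

```python
import sqlite3


def render_for_log(sql, params):
    """Build a readable log line by writing each bound value in place of its '?'.

    Display only: the result is never executed. Simplification (assumption):
    the statement text contains no literal '?' other than placeholders.
    """
    parts = sql.split("?")
    if len(parts) != len(params) + 1:
        raise ValueError("placeholder count does not match parameter count")
    out = parts[0]
    for value, rest in zip(params, parts[1:]):
        if isinstance(value, (int, float)):
            literal = str(value)
        else:
            literal = "'" + str(value).replace("'", "''") + "'"
        out += literal + rest
    return out


def find_users(conn, name, log):
    sql = "SELECT id, name FROM users WHERE name = ?"
    # What the log shows: one string with the value written inline.
    log.append(render_for_log(sql, (name,)))
    # What the database receives: the statement text and the value, separately.
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",)])
    log = []
    normal = find_users(conn, "alice", log)
    # Constructed hostile-looking input: as a bound value it is only a string
    # to compare against, so it matches no row.
    hostile = find_users(conn, "x' OR '1'='1", log)
    return normal, hostile, log


if __name__ == "__main__":
    normal, hostile, log = demo()
    for line in log:
        print("LOG:", line)
    print("rows:", normal, hostile)
```

The logged text looks like concatenated SQL in both cases, which is why the log alone cannot tell you whether parameters were used; the row counts, or a server-side trace as the reply suggests, can.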