John R Pierce wrote:
> Stuart McGraw wrote:
>> What is the best way to run an arbitrary
>> query received from an untrusted source,
>> safely?
>>
>> (I want a web page form with a textbox that
>> a user can enter an arbitrary sql statement,
>> then run it .....
>
> just keep http://xkcd.com/327/ in mind.
Yes, exactly what I would like some advice
on avoiding! :-)