On Sunday 25 June 2006 at 10:59 -0600, Tony Lambregts wrote: [...]
I am more in favor of this approach than using makeSafe() and do the same thing as Chris's query_parameters() patch. However I am hard pressed to say whether this method is really better or safer than query_parameters().
I have had real issues with makeSafe(); the primary one is that, IMO, the place to make sure that we are safe from SQL injection is where we create the SQL. The makeSafe() did not do that.
The changes to that are only cosmetic and make it harder to see the actual changes. Formatting changes should be in a separate patch.
Also I would really appreciate a "Files Changed:" section that lists the files changed/added/removed by this patch. I find that it really helps in reviewing patches.
Please resubmit with the formatting changes in a separate patch.
Thanks for your comments.
I was aware that my changes weren't really atomic but I sent the patch to get some comments.
If everyone agrees with the approach I'll make separate patches tomorrow.
Thanks