[Esapi-user] [OWASP-ESAPI] Any codec for Sybase?

Jim Manico jim.manico at owasp.org
Thu Sep 16 22:22:07 EDT 2010


No to Sybase, and please do NOT use the database encoders! They are a (terrible) last resort (nor can we guarantee perfect SQL Injection protection if you use them to escape dynamic queries).

If you want complete SQL injection protection, you should be using the Java PreparedStatement class, variable binding, and the latest Sybase JDBC driver.

Respectfully,

-Jim Manico
http://manico.net

On Sep 16, 2010, at 8:17 PM, Vasten <vasten at gmail.com> wrote:

> Hi:
> I see codecs for Oracle and MySQL, is there one for Sybase?
> 
> Thanks,
> keith
> _______________________________________________
> OWASP-ESAPI mailing list
> OWASP-ESAPI at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-esapi


More information about the Esapi-user mailing list