Ben Finney wrote: > More specifically: They've been debugged for just these kinds of > purposes in a well-designed database, the SQL parser never sees the parameter values, so *injection* attacks are simply not possible. </F>