On 6/13/06, Kroeger, Simon (ext) <simon.kroeger.ext / siemens.com> wrote:
> I wouldn't think of an id derived from another table as being tainted.
> Perhaps I'm wrong, but please explain if this is the case. I don't think
> you can store malicious code in a NUMERIC column?

Well, in this case you are probably correct in assuming that that
particular data is safe, but it's not necessarily the case.  That
would be okay given that you check all your data _before_ you store it
in the database, but I wouldn't rely on the database for type safety.
What if you're using SQLite w/o strict affinity mode (which is the
default)?  If you don't do any validation in your application and you
just try to stick it in that column, SQLite will be happy to do it for
you.  You might not be so happy of course =)


-- 
Lou.
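
Added example, not part of the original message: a short Python script (standard-library sqlite3) showing what SQLite stores when an unvalidated string is written to a NUMERIC column, next to two guards, an application-side check and a CHECK constraint on typeof(). The table name `t`, the helper names and the sample value are constructed for illustration.

```python
import sqlite3

# Constructed sample input: a string that is not a number at all.
UNTRUSTED = "not-a-number <constructed sample>"

# Column declared NUMERIC only: affinity is a conversion hint, not a type check.
LOOSE = "CREATE TABLE t (id NUMERIC)"
# Same column, but the database refuses anything that is not stored as a number.
CHECKED = "CREATE TABLE t (id NUMERIC CHECK (typeof(id) IN ('integer', 'real')))"


def stored_type(ddl, value):
    """Insert value into a fresh in-memory table; return typeof() or 'rejected'."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute(ddl)
        try:
            db.execute("INSERT INTO t (id) VALUES (?)", (value,))
        except sqlite3.IntegrityError:
            return "rejected"  # CHECK constraint refused the row
        return db.execute("SELECT typeof(id) FROM t").fetchone()[0]
    finally:
        db.close()


def validate_id(value):
    """Application-side validation, done before the value reaches the database."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"not an integer id: {value!r}")
    return value


if __name__ == "__main__":
    print("NUMERIC column, arbitrary text ->", stored_type(LOOSE, UNTRUSTED))
    print("NUMERIC column, text '42'      ->", stored_type(LOOSE, "42"))
    print("CHECK column, arbitrary text   ->", stored_type(CHECKED, UNTRUSTED))
    print("CHECK column, integer 42       ->", stored_type(CHECKED, 42))
    try:
        validate_id(UNTRUSTED)
    except ValueError as exc:
        print("application check             ->", exc)
```

The arbitrary string lands in the NUMERIC column as text, so a value read back from that column is only as trustworthy as whatever wrote it.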