On Fri, May 30, 2008 at 11:37 AM, Phillip Gawlowski
<cmdjackryan / googlemail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ryan Lewis wrote:
> | or even:
> | (0..4).each { |q| conn.exec( 'UPDATE SCH_EVENT SET P_ID = 2444334 where
> | RANK = #{q.to_f} AND playlist_id = 432' ) }
>
> Gotta love an SQL injection waiting to happen..

Umm... duh.  It was probably an example.  Anybody worth their grain of
salt would know you have to check the contents of q first.

Ask the guy before you throw rocks.

Todd