Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27436
Return-Path: <mls@pooteeweet.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 1671 invoked by uid 1010); 14 Jan 2007 10:34:14 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 1656 invoked from network); 14 Jan 2007 10:34:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Jan 2007 10:34:14 -0000
Authentication-Results: pb1.pair.com smtp.mail=mls@pooteeweet.org; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=mls@pooteeweet.org; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain pooteeweet.org from 212.112.227.169 cause and error)
X-PHP-List-Original-Sender: mls@pooteeweet.org
X-Host-Fingerprint: 212.112.227.169 ipx11223.ipxserver.de Linux 2.5 (sometimes 2.4) (4)
Received: from [212.112.227.169] ([212.112.227.169:34987] helo=ipx11223.ipxserver.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 50/E6-20730-5270AA54 for <internals@lists.php.net>; Sun, 14 Jan 2007 05:34:13 -0500
Received: from localhost (localhost [127.0.0.1])
	by ipx11223.ipxserver.de (Postfix) with ESMTP
	id 9D353DF009B; Sun, 14 Jan 2007 11:34:10 +0100 (CET)
Received: from ipx11223.ipxserver.de ([127.0.0.1])
 by localhost (flottensignalgeber [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 28518-06; Sun, 14 Jan 2007 11:34:08 +0100 (CET)
Received: from [127.0.0.1] (232.122.76.83.cust.bluewin.ch [83.76.122.232])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ipx11223.ipxserver.de (Postfix) with ESMTP
	id 58257DF0111; Sun, 14 Jan 2007 11:34:08 +0100 (CET)
Message-ID: <45AA0720.7030405@pooteeweet.org>
Date: Sun, 14 Jan 2007 11:34:08 +0100
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: Wez Furlong <kingwez@gmail.com>
Cc: "internals@lists.php.net" <internals@lists.php.net>
References: <F1076B95-2D05-4690-AE84-21FC0552F17A@ch2o.info>	 <45A8FC49.7050909@hardened-php.net> <45A8FF84.7000305@pooteeweet.org> <4e89b4260701140116h1314603cpffc30ffb66461ea8@mail.gmail.com>
In-Reply-To: <4e89b4260701140116h1314603cpffc30ffb66461ea8@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by somedaemon at backendmedia.com
Subject: Re: [PHP-DEV] Comments on PHP security
From: mls@pooteeweet.org (Lukas Kahwe Smith)

Wez Furlong wrote:
> On 1/13/07, Lukas Kahwe Smith <mls@pooteeweet.org> wrote:
>> SQLite does not natively support prepared statements anyways.
> 
> Yes it does :)

Ah, I got thrown off by the use of the word "precompile" which they also 
used to describe dumps of the byte code generated by the SQL compiler. 
The later was useful to be able to ship the SQLite binary with the SQL 
compiler stripped out to make the binary lean and safe on the 
compilation process. I guess they now have true prepared statements 
though he calls them precompiled.

Thanks for the correction.

regards,
Lukas