I have a software that LIMITs queries based on user input. I'm aware of SQL injections and DOS possibilities here so I'm not interested in hearing about those. What I wonder is that how high limit should I put for common requests like getting the latest X items? Currently I allow the client to specify the value, and I make sure the LIMIT is always between 1 - 100. Is that good?
How high user-specified SQL LIMITs should I allow?
- Thread starter excesos
- Start date