Jonathan Daugherty wrote: > # Has anyone checked that code for SQL injection vulnerabilities? > # > # (For example, line 197 in openid_module looks scary, but maybe > # I'm missing something.) > > Presuming Drupal's db_query() replaces placeholders with escaped data, > there's no injection vulnerability there. It does, so there isn't. alf.