which one is more easier. SQL injection or this buffer overload.