[ic] sql filter not 100% safe for MySQL
Mike Heins
mike at perusion.com
Sat Jul 24 11:12:14 EDT 2004
Quoting John1 (list_subscriber at yahoo.co.uk):
> The sql filter doubles up any single quotes to avoid single quotes ruining a
> query and protect against sql injection.
>
> However, as you may also escape single quotes i.e. \' it is still possible
> to trip up a query.
You shouldn't mix and match the two. You should do either or.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.647.1295 tollfree 800-949-1889 <mike at perusion.com>
Some people have twenty years of experience, some people have
one year of experience twenty times over. -- Anonymous
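As an added illustration of the point above (not code from the thread or from Interchange), here is a small Python model of MySQL's string-literal rules that shows why the two escaping styles must not be mixed: each style yields an intact literal only under the server mode it was written for. The filter functions, the scanner and the sample inputs (including a backslash-quote pair like the one John1 mentions) are constructed for this example.

```python
# Added example (not from the original thread): models MySQL's two string-literal
# escaping rules and checks whether a filtered value still yields exactly one literal.
# Function names and sample inputs below are constructed for illustration.

def filter_double_quotes(value: str) -> str:
    """The behaviour the thread describes: double single quotes, leave backslashes alone."""
    return value.replace("'", "''")


def filter_backslash(value: str) -> str:
    """The alternative style: backslash-escape both backslash and single quote."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def end_of_literal(sql: str, backslash_escapes: bool = True):
    """Index just past the closing quote of the literal starting at sql[0], or None if
    it never closes.  backslash_escapes=True is MySQL's default; False models the
    NO_BACKSLASH_ESCAPES sql_mode, where '' is the only escape for a quote."""
    assert sql[0] == "'"
    i, n = 1, len(sql)
    while i < n:
        c = sql[i]
        if c == "\\" and backslash_escapes:
            i += 2                      # backslash consumes the next character
        elif c == "'":
            if i + 1 < n and sql[i + 1] == "'":
                i += 2                  # '' is an escaped quote, literal continues
            else:
                return i + 1            # unescaped quote: the literal ends here
        else:
            i += 1
    return None                         # ran off the end: unterminated literal


def literal_intact(filtered: str, backslash_escapes: bool = True) -> bool:
    """True only if quoting the filtered value gives one literal spanning the whole text;
    False means the literal closed early (stray text follows) or never closed."""
    sql = "'" + filtered + "'"
    return end_of_literal(sql, backslash_escapes) == len(sql)


# Constructed inputs: a quote, a lone trailing backslash, a backslash followed by a quote.
SAMPLES = ["O'Reilly", "\\", "\\'"]

def audit(backslash_escapes: bool = True) -> dict:
    """Map each sample to (doubling-only intact?, backslash-style intact?) for a server mode."""
    return {v: (literal_intact(filter_double_quotes(v), backslash_escapes),
                literal_intact(filter_backslash(v), backslash_escapes))
            for v in SAMPLES}
```

Under the default mode the doubling-only filter fails on both backslash samples, while under NO_BACKSLASH_ESCAPES the backslash-style filter is the one that breaks; a parameterized query avoids having to track the server's mode at all.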