[ic] sql filter not 100% safe for MySQL

Mike Heins mike at perusion.com
Sat Jul 24 11:12:14 EDT 2004

Quoting John1 (list_subscriber at yahoo.co.uk):
> The sql filter doubles up and single quotes to avoid single quotes ruining a
> query and protect against sql injection.
> However, as you may also escape single quotes i.e. \'  it is still possible
> to trip up a query.

You shouldn't mix and match the two. You should do either or.

Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

Some people have twenty years of experience, some people have
one year of experience twenty times over. -- Anonymous

More information about the interchange-users mailing list