[ic] sql filter not 100% safe for MySQL

John1 list_subscriber at yahoo.co.uk
Sat Jul 24 13:38:21 EDT 2004


On Saturday, July 24, 2004 6:18 PM, list_subscriber at yahoo.co.uk wrote:

> What I am saying is that \''  (a backslash followed by 2 single
> quotes) is converted by the sql filter into:
>
> \''''
>
> This is then interpreted by MySQL as 1 escaped quote, followed by 2
> single quotes (i.e. another escaped quote), followed by 1 single
> quote.  So it is possible to "sneak" a "close quote" through the sql
> filter by mixing and matching \' and ''.
>
Actually, just \' would have been a simpler example:

When run through the sql filter this becomes \''

Then this is interpreted by MySQL as 1 escaped quote, followed by 1
unescaped single quote.
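The behaviour described in this message, as an added example that is not part of the original post and is not Interchange's code: a model of a quote-doubling filter, a scanner that reads a filtered value the way a lexer with backslash escapes enabled would, and a filter that escapes backslashes before doubling quotes. All function names are hypothetical, and the sample inputs are constructed from the two cases in the message.

```python
from typing import Optional

def quote_doubling_filter(value: str) -> str:
    """Model of the filter as described in the post: every ' becomes ''."""
    return value.replace("'", "''")

def backslash_aware_filter(value: str) -> str:
    """Escape backslashes first, then double the quotes."""
    return value.replace("\\", "\\\\").replace("'", "''")

def terminator_index(filtered: str, backslash_escapes: bool = True) -> Optional[int]:
    """Index of the first character that breaks the string-literal boundary:
    an unpaired quote, or a dangling trailing backslash (which would escape
    the enclosing close quote). None means the value stays inside the literal.
    backslash_escapes=False models a server that treats backslash as an
    ordinary character (e.g. MySQL's NO_BACKSLASH_ESCAPES mode)."""
    i, n = 0, len(filtered)
    while i < n:
        c = filtered[i]
        if backslash_escapes and c == "\\":
            if i + 1 == n:
                return i          # dangling backslash at end of value
            i += 2                # backslash consumes the next character
            continue
        if c == "'":
            if i + 1 < n and filtered[i + 1] == "'":
                i += 2            # '' is one literal quote
                continue
            return i              # unpaired quote ends the literal
        i += 1
    return None

if __name__ == "__main__":
    # Constructed samples: the two inputs from the message plus a benign name.
    for raw in ["\\'", "\\''", "O'Brien"]:
        weak = quote_doubling_filter(raw)
        strong = backslash_aware_filter(raw)
        print(f"{raw!r}: doubling -> {weak!r} breaks at {terminator_index(weak)}; "
              f"backslash-aware -> {strong!r} breaks at {terminator_index(strong)}")
```

The second filter only covers the backslash case raised here; bound parameters or the database driver's own quoting routine avoid having to model the server's lexer at all.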