[ic] sql filter not 100% safe for MySQL
list_subscriber at yahoo.co.uk
Sat Jul 24 13:38:21 EDT 2004
On Saturday, July 24, 2004 6:18 PM, list_subscriber at yahoo.co.uk wrote:
> What I am saying is that \'' (a backslash followed by 2 single
> quotes) is converted by the sql filter into:
> This is then interpreted by MySQL as 1 escaped quote, followed by 2
> single quotes (i.e. another escaped quote), followed by 1 single
> quote. So it is possible to "sneak" a "close quote" through the sql
> filter by mixing and matching \' and ''.
Actually, just \' would have been a simpler example:
When run through the sql filter this becomes \''
Then this is interpreted by MySQL as 1 escaped quote, followed by 1
unescaped single quote.
More information about the interchange-users