[ic] SQL query as cgi par: strange behavior

Marco Mescoli m.mescoli at omnib.it
Fri Dec 2 16:50:01 UTC 2011


On 02/12/2011 16:50, Stefan Hornburg (Racke) wrote:
> On 12/02/2011 04:36 PM, Marco Mescoli wrote:
>>>> All you need to do is call that page with ?sku=drop+table+products
>>>> and you will have a dead catalog.
>> ?sql=drop+table+products
>>
>> You are a bad boy Racke.
>> Sssshh, this is our secret ;-)
> Writing your own code to build search/SQL queries gives you more
> flexibility and can't be exploited like above.
> Have fun
> Racke

My own code?
Do you mean inside [calc], [perl], or with a local/global usertag, or how else?

-- 
Marco "Fino alla bara sinpara"
Marco "Up to demise we rise"
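The two ways of turning a CGI parameter into a SQL query that this thread is about, as an added illustration that is not part of the thread and not Interchange's own code. It is plain Perl DBI against an in-memory SQLite database (needs DBI and DBD::SQLite) so it runs stand-alone; the products rows are constructed. The mapping to Interchange is an assumption stated in the comments: inside a [perl tables=products] block the DBI handle is taken to be $Sql{products} and the request values $CGI->{...}; check those names against the documentation of your Interchange version.

```perl
#!/usr/bin/perl
# Added example: a page that runs the visitor's SQL, beside one that binds
# the visitor's value as a placeholder. Plain DBI + DBD::SQLite so it runs
# stand-alone; not Interchange code. Assumption: in an Interchange
# [perl tables=products] block the equivalent handle is $Sql{products} and
# the CGI values are in $CGI, so lookup_safe() below is what "your own code"
# inside [perl] or a usertag would look like.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });

# Constructed stand-in for the real products table.
$dbh->do('CREATE TABLE products (sku TEXT PRIMARY KEY, description TEXT, price REAL)');
$dbh->do(q{INSERT INTO products VALUES ('os28004', 'Ergo Roller', 21.00)});
$dbh->do(q{INSERT INTO products VALUES ('os28005', 'Trimmer', 109.00)});

# VULNERABLE: the statement itself comes from the query string, which is what
# ?sql=drop+table+products exploits. Any statement the database accepts runs.
sub lookup_unsafe {
    my ($dbh, $cgi) = @_;
    my $sth = $dbh->prepare($cgi->{sql});
    $sth->execute;
    # Non-SELECT statements (such as DROP TABLE) have no result columns.
    return $sth->{NUM_OF_FIELDS} ? $sth->fetchall_arrayref : [];
}

# SAFE: the page fixes the statement; the CGI value is only ever a bind value
# compared against sku, never parsed as SQL. This is the pattern to use inside
# [perl] or a usertag instead of interpolating [cgi ...] into [query sql=...].
sub lookup_safe {
    my ($dbh, $cgi) = @_;
    my $sth = $dbh->prepare(
        'SELECT sku, description, price FROM products WHERE sku = ?');
    $sth->execute($cgi->{sku});
    return $sth->fetchall_arrayref;
}

# Constructed requests: a normal lookup and the attack string from the thread.
my %good = (sku => 'os28004');
my %bad  = (sku => 'drop table products');

my $rows = lookup_safe($dbh, \%good);
printf "safe page, real sku   : %d row(s)\n", scalar @$rows;

$rows = lookup_safe($dbh, \%bad);
printf "safe page, attack     : %d row(s) (treated as an unknown sku)\n", scalar @$rows;

# The unsafe page given the statement straight from the query string.
eval { lookup_unsafe($dbh, { sql => 'drop table products' }) };
my ($count) = eval { $dbh->selectrow_array('SELECT count(*) FROM products') };
print 'unsafe page, attack   : ',
    (defined $count ? "$count row(s) still in products\n" : "table is gone: $@");
```

The point of the placeholder version is that the shape of the statement is decided by the page author, not the visitor: DBI sends the bound value to the driver separately from the SQL text, so whatever is in ?sku= can only be matched against the sku column. Quoting or escaping the value and still interpolating it into the statement string is the weaker alternative; placeholders are the one that cannot be exploited this way.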
More information about the interchange-users mailing list