[ic] SQL Injection?

Bob Puff bob at nleaudio.com
Fri Sep 19 17:19:24 UTC 2014


Hi Jon,

> It is typically easy to fix in ITL code by using:

> [filter op=sql interpolate=1]...[/filter]

> or

> [PREFIX-filter sql]...[/filter]

> around the SQL, or the js filter in JavaScript code or the entities filter 
> for plain HTML text.

Thanks for the reply.  You are correct in that this is code from the older
demo.  I don't recall there being specific SQL in the pages in question,
although I will have a closer look.  What does the filter you posted above
need to wrap around?  Is that a generic statement that will apply to any
field, or do I need to specifically call out a variable name?

Bob
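For readers following this thread: the question above is what the `sql` filter Jon mentions must wrap. The added example below is not code from the original post, from Interchange, or from its demo; it is an illustration in Python of the mechanism behind such a filter, assuming (as is standard for SQL string literals) that it escapes a value by doubling single quotes so the interpolated value cannot terminate the quoted literal it sits in. The `products` table and the SKUs are constructed sample data. It also shows the caveat a practitioner should keep in mind: quote-doubling only protects a value that sits inside a quoted literal, and a parameterized query avoids the problem entirely.

```python
import sqlite3


def make_db():
    """Constructed sample table; not data from the original post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (sku TEXT, description TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("os28004", "Ergo Roller", 1.50), ("os28005", "Trim Brush", 3.00)],
    )
    conn.commit()
    return conn


def sql_escape(value):
    """Assumed behaviour of a SQL-literal filter: double every single quote.

    Inside '...' the sequence '' is one literal quote character, so the
    value can no longer close the string and append its own SQL.
    """
    return str(value).replace("'", "''")


def lookup_unfiltered(conn, sku):
    """The injectable pattern: a raw request value spliced into the SQL text."""
    return conn.execute(f"SELECT sku FROM products WHERE sku = '{sku}'").fetchall()


def lookup_filtered(conn, sku):
    """Same query, but the value is escaped before it is spliced into the
    quoted literal. The filter wraps the *value*, not the whole statement."""
    return conn.execute(
        f"SELECT sku FROM products WHERE sku = '{sql_escape(sku)}'"
    ).fetchall()


def lookup_parameterized(conn, sku):
    """Preferred form: the database receives the value separately from the
    SQL text, so no escaping is needed at all."""
    return conn.execute("SELECT sku FROM products WHERE sku = ?", (sku,)).fetchall()


def lookup_numeric_unquoted(conn, min_price):
    """Caveat: quote-doubling only helps inside a quoted literal. In an
    unquoted numeric position an injected '0 OR 1=1' contains no quotes,
    so the filter passes it through unchanged and the injection still works."""
    return conn.execute(
        f"SELECT sku FROM products WHERE price > {sql_escape(min_price)}"
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed injection payload
    print("unfiltered:   ", lookup_unfiltered(db, payload))        # both rows leak
    print("filtered:     ", lookup_filtered(db, payload))          # []
    print("parameterized:", lookup_parameterized(db, payload))     # []
    print("numeric hole: ", lookup_numeric_unquoted(db, "0 OR 1=1"))  # both rows leak
```

Run stand-alone, the first lookup returns every row because the payload closes the quoted SKU and adds `OR '1'='1'`; the filtered and parameterized lookups return nothing because the payload is treated as a literal SKU; the last lookup shows that escaping quotes does nothing for a value placed outside quotes, which is why the filter has to wrap each interpolated value in its quoted position, or the query should be parameterized instead.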



