[ic] SQL Injection?
bob at nleaudio.com
Fri Sep 19 17:19:24 UTC 2014
> It is typically easy to fix in ITL code by using:
> [filter op=sql interpolate=1]...[/filter]
> [PREFIX-filter sql]...[/filter]
> for plain HTML text.
Thanks for the reply. You are correct in that this is code from the older
demo. I don't recall there being specific SQL in the pages in question,
although I will have a closer look. What does the filter you posted above
need to wrap around? Is that a generic statement that will apply to any
field, or do I need to specifically call out a variable name?