[ic] SQL Injection?

Jon Jensen jon at endpoint.com
Fri Sep 19 17:26:42 UTC 2014

On Fri, 19 Sep 2014, Bob Puff wrote:

> What does the filter you posted above need to wrap around?  Is that a 
> generic statement that will apply to any field, or do I need to 
> specifically call out a variable name?

I would go around any user-supplied data that is to be put into SQL, e.g. 
off the top of my head:

[query sql="SELECT * FROM products WHERE title LIKE '[sql-filter sql][cgi search][/sql-filter]'"]


Jon Jensen
End Point Corporation
+1 507-399-0057

More information about the interchange-users mailing list