As far as the mysql module is concerned, all strings are enclosed in '' and
the string itself is escaped using the mysql_real_escape_string function. I
am talking about 0.8.14 and 0.9.0 here.
Jan.
On 01-03 17:40, Joao Pereira wrote:
Hello,
I just noticed that SER and its SQL modules aren't SQL injection free. I
mean, they are vulnerable to the input of bad words (drop, remove,
insert,...) or the existence of the character " ' ". Is there any SER
version that's free from it? Or do I have to change and recompile my SER
code?
Thanks
Joao
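
The quoting behaviour described in the reply above, as an added example that is not SER's code and not part of the original thread: it re-implements the byte escaping rules of mysql_real_escape_string and wraps the result in single quotes, so that "bad words" and the ' character stay inside the string literal. Assumptions: the helper name quote_sql_string, the table and column names, a single-byte character set, and a server that does not run with NO_BACKSLASH_ESCAPES; real code should call mysql_real_escape_string on the live connection, which is charset-aware.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not SER code): writes the escaped, single-quoted
 * SQL literal for in[0..in_len) into out.
 * Returns the literal's length, or -1 if out is too small. */
static int quote_sql_string(const char *in, size_t in_len,
                            char *out, size_t out_size)
{
    size_t o = 0;

    /* Worst case: every byte is escaped, plus two quotes and the NUL. */
    if (out_size < 2 * in_len + 3)
        return -1;

    out[o++] = '\'';
    for (size_t i = 0; i < in_len; i++) {
        char esc = 0;
        switch (in[i]) {            /* same set mysql_real_escape_string escapes */
        case '\0':   esc = '0';  break;
        case '\n':   esc = 'n';  break;
        case '\r':   esc = 'r';  break;
        case '\032': esc = 'Z';  break;   /* Ctrl-Z */
        case '\\':   esc = '\\'; break;
        case '\'':   esc = '\''; break;
        case '"':    esc = '"';  break;
        }
        if (esc) { out[o++] = '\\'; out[o++] = esc; }
        else     { out[o++] = in[i]; }
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed input; table and column names are assumed for illustration. */
    const char *user = "x'; drop table subscriber; --";
    char lit[128], query[256];

    if (quote_sql_string(user, strlen(user), lit, sizeof lit) < 0)
        return 1;
    snprintf(query, sizeof query,
             "select * from subscriber where username=%s", lit);
    puts(query);   /* the whole input remains one quoted string value */
    return 0;
}
```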