As far as the mysql module is concerned, all strings are enclosed in '' and the string itself is escaped using the mysql_real_escape_string function. I am talking about 0.8.14 and 0.9.0 here.
Jan.
On 01-03 17:40, Joao Pereira wrote:
Hello, I just noticed that SER and its SQL modules aren't SQL injection free. I mean, they are vulnerable to the input of bad words (drop, remove, insert,...) or the existence of the character " ' ". Is there any SER version that's free from it? Or do I have to change and recompile my SER code?
Thanks,
Joao
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
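Added example, not part of the original thread and not SER's own code: a C sketch of the quoting scheme the reply describes, showing that a value containing ' or words like DROP stays inside one string literal. The names escape_sql and sql_string_literal are hypothetical, and escape_sql is a simplified stand-in for mysql_real_escape_string that ignores the connection character set, which the real function takes into account.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for mysql_real_escape_string(): same per-byte escapes, but it
 * ignores the connection character set. Returns length, or -1 if dst is small. */
static int escape_sql(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    size_t o = 0;
    for (size_t i = 0; i < srclen; i++) {
        char esc = 0;
        switch (src[i]) {
        case '\0':   esc = '0';  break;
        case '\n':   esc = 'n';  break;
        case '\r':   esc = 'r';  break;
        case '\x1a': esc = 'Z';  break;   /* Ctrl-Z */
        case '\\': case '\'': case '"': esc = src[i]; break;
        }
        if (o + (esc ? 2 : 1) >= dstlen) return -1;  /* keep room for NUL */
        if (esc) dst[o++] = '\\';
        dst[o++] = esc ? esc : src[i];
    }
    dst[o] = '\0';
    return (int)o;
}

/* Render val as a quoted SQL string literal: '<escaped val>'. */
int sql_string_literal(char *dst, size_t dstlen, const char *val)
{
    if (dstlen < 3) return -1;
    dst[0] = '\'';
    int n = escape_sql(dst + 1, dstlen - 2, val, strlen(val));
    if (n < 0) return -1;
    dst[n + 1] = '\'';
    dst[n + 2] = '\0';
    return n + 2;
}

int main(void)
{
    /* Constructed inputs; the table and column names are placeholders. */
    const char *samples[] = { "x' OR '1'='1", "joao; DROP TABLE t" };
    char lit[128];
    for (size_t i = 0; i < 2; i++)
        if (sql_string_literal(lit, sizeof lit, samples[i]) > 0)
            printf("SELECT * FROM tbl WHERE col=%s\n", lit);
    return 0;
}
```

The second sample comes out unchanged between the quotes: a keyword inside a string literal is data, so only the quote and backslash bytes need escaping.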