appdb security
Christoph Frick
frick at sc-networks.de
Thu Jun 8 10:35:15 CDT 2006
On Thu, Jun 08, 2006 at 11:25:08AM -0400, Chris Morgan wrote:
> $sQuery = "Select versionId from appVersion where
> appId='"$_REQUEST['appId']."';";
>
> Who's '' around $_REQUEST should prevent the string from being interpreted as
> anything but a single value passed as the value of appId.
with appId="' or 1=1;'"?
--
cu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20060608/fb59217f/attachment.pgp
More information about the wine-devel
mailing list