[AppDB] - protect against sql injection in select, update and delete statements

Chris Morgan cmorgan at alum.wpi.edu
Sat Jun 24 00:33:35 CDT 2006


Protect against sql injection attacks in select, update and delete statements 
by using query_parameters().  mysql_real_escape_string() is used on variables 
in cases where using query_parameters() isn't possible due to the complexity 
of the query. These could potentially be simplified so query_parameters() 
could be used.

Chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: select_update_delete_injection.patch
Type: text/x-diff
Size: 137208 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20060624/29bf0ed4/select_update_delete_injection-0001.patch
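
A caveat on the escaping fallback mentioned in the message, shown as an added example that is not part of the original post or the attached patch: escaping only neutralises quote characters, so it protects a value only where the query also wraps it in quotes. The sketch assumes Python's sqlite3 in place of PHP and MySQL; `escape_string()` is a hypothetical stand-in for mysql_real_escape_string(), driver parameter binding stands in for the role query_parameters() plays, and the `notes` table and input are constructed.

```python
import sqlite3

def escape_string(value):
    # Stand-in for mysql_real_escape_string(): neutralises quote characters only.
    # (SQLite escapes a single quote by doubling it; MySQL uses a backslash.)
    return str(value).replace("'", "''")

def make_db():
    # Constructed table and rows, not AppDB's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (note_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (3, "third")])
    return db

def delete_escaped_unquoted(db, note_id):
    # Escaped but placed in a bare numeric context: there is no quote to break
    # out of, so escaping changes nothing and the input is parsed as SQL.
    return db.execute(
        "DELETE FROM notes WHERE note_id = " + escape_string(note_id)).rowcount

def delete_escaped_quoted(db, note_id):
    # Escaped and wrapped in quotes: the input stays a string literal.
    return db.execute(
        "DELETE FROM notes WHERE note_id = '" + escape_string(note_id) + "'").rowcount

def delete_bound(db, note_id):
    # Bound parameter: the value never becomes part of the SQL text.
    return db.execute("DELETE FROM notes WHERE note_id = ?", (note_id,)).rowcount

def demo(value="1 OR 1=1"):  # constructed hostile input
    variants = {"escaped_unquoted": delete_escaped_unquoted,
                "escaped_quoted": delete_escaped_quoted,
                "bound": delete_bound}
    # Fresh database per variant so the row counts are comparable.
    return {name: fn(make_db(), value) for name, fn in variants.items()}

if __name__ == "__main__":
    print(demo())
```

When reviewing a change of this kind, the statements that keep the escaping fallback are the ones to check for values interpolated outside quotes, such as numeric ids.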

