appdb security

Chris Morgan cmorgan at alum.wpi.edu
Thu Jun 8 10:42:09 CDT 2006


Can you come up with a non-destructive working example for the appdb 
website (appdb.winehq.org)? ;-)

I ask because I thought we went through this some time ago but I agree that 
what you say looks like an open issue.

Chris



On Thursday 08 June 2006 11:35 am, Christoph Frick wrote:
> On Thu, Jun 08, 2006 at 11:25:08AM -0400, Chris Morgan wrote:
> > $sQuery = "Select versionId from appVersion where
> > appId='".$_REQUEST['appId']."';";
> >
> > Whose '' around $_REQUEST should prevent the string from being
> > interpreted as anything but a single value passed as the value of appId.
>
> with appId="' or 1=1;'"?
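
Added example, not part of the original messages and not AppDB code: the concatenated query from the thread beside a bound-parameter version, run locally against an in-memory SQLite table with constructed rows. SQLite via PDO stands in for AppDB's database, and the function names are hypothetical.

```php
<?php
// Added example, not AppDB code. SQLite in memory is an assumption standing
// in for the real database; the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE appVersion (versionId INTEGER, appId INTEGER)");
$pdo->exec("INSERT INTO appVersion VALUES (10, 1), (11, 1), (20, 2)");

// Pattern from the thread: the request value is pasted between two quotes,
// so a quote inside the value ends the literal and the rest is parsed as SQL.
function versionsConcat(PDO $pdo, string $appId): array
{
    $sQuery = "Select versionId from appVersion where appId='" . $appId . "';";
    echo "  SQL sent: $sQuery\n";
    return $pdo->query($sQuery)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement text is fixed and the value is bound
// separately, so it is only ever compared as data.
function versionsBound(PDO $pdo, string $appId): array
{
    $stmt = $pdo->prepare("Select versionId from appVersion where appId = ?");
    $stmt->execute([$appId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$normal = "1";
$reply  = "' or 1=1;'";   // the appId value quoted in the reply above

echo "concatenated, appId=1\n";
printf("  rows: %d\n", count(versionsConcat($pdo, $normal)));

echo "concatenated, appId from the reply\n";
try {
    printf("  rows: %d\n", count(versionsConcat($pdo, $reply)));
} catch (PDOException $e) {
    // Some drivers reject the text after the first ';' instead of ignoring it.
    echo "  driver error: " . $e->getMessage() . "\n";
}

echo "bound parameter, appId from the reply\n";
printf("  rows: %d\n", count(versionsBound($pdo, $reply)));
```

What a driver does with the text after the first `;` varies, which is why the concatenated call is wrapped in a `try`; the bound version does not depend on that behaviour.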


