[AppDB] - protect against sql injection in select, update and delete statements

Chris Morgan cmorgan at alum.wpi.edu
Sat Jun 24 00:33:35 CDT 2006

Protect against sql injection attacks in select, update and delete statements 
by using query_parameters().  mysql_real_escape_string() is used on variables 
in cases where using query_parameters() isn't possible due to the complexity 
of the query. These could potentially be simplified so query_parameters() 
could be used.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: select_update_delete_injection.patch
Type: text/x-diff
Size: 137208 bytes
Desc: not available
Url : http://www.winehq.org/pipermail/wine-patches/attachments/20060624/29bf0ed4/select_update_delete_injection-0001.patch

More information about the wine-patches mailing list