On Tue, 25 May 1999, Vittal Aithal wrote: > Here's some javascript stuff that'll clean up quotes and things before > having them sent off in a sql query... only tested with access, so YMMV. Do keep in mind that while this will stop people from using the aforementioned exploits *only when using your forms*. It is still possible to download your web pages, remove the javascript hooks, and then submit their information, or call the CGI(if method GET is accepted) by hand and get around such security measures.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:12 PDT