Re: malformed sql queries

From: Peter Gutmann (pgut001at_private)
Date: Sat Dec 29 2001 - 19:19:37 PST

    "JayBonci" <jayat_private> writes:
    
    >Wrap all your functions and do a $id =~ s/\'/\\\'/g; on your stuff.
    
    That isn't really enough though.  At the moment I automatically escape ''',
    '\', '%', and ';', and also '|' under Windows (wonderful option that last one,
    try '|shell("cmd /c echo " & chr(124) & " format c:")|' on an ODBC data
    source).  Are there any more which need to be caught?
    
    Peter.
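
The following is an added example, not code from Peter Gutmann's or JayBonci's posts, written to put the two approaches in the thread side by side in Python with the standard-library sqlite3 module. It assumes a constructed `users` table and constructed attack strings; the lookup functions (`by_name_concat`, `by_id_concat`, `by_name_backslash`, `by_id_backslash`, `by_name_quoted`, `by_name_param`, `by_id_param`) are illustrative names chosen here. It shows that the posted Perl substitution (quote to backslash-quote) breaks a legitimate name containing an apostrophe in an engine that escapes by doubling the quote, does nothing at all in an unquoted numeric context, and that a parameterized query answers the question "which characters need to be caught?" with "none", because the value never becomes part of the SQL text.

```python
"""Added example: quote-blacklisting versus engine-correct quoting versus
parameters for SQL input. Runs offline on sqlite3; all data is constructed."""
import re
import sqlite3


def make_db():
    # Constructed sample data; a name with a legitimate apostrophe is included on purpose.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",), ("O'Brien",)])
    return conn


def backslash_escape(s):
    # Python rendering of the posted Perl: s/\'/\\\'/g (quote -> backslash-quote)
    return re.sub(r"'", r"\\'", s)


def run(fn, *args):
    # Return either the rows or the exception class name, so outcomes can be compared.
    try:
        return ("rows", fn(*args))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


# --- 1. String concatenation: the injectable original -------------------------
def by_name_concat(conn, name):
    return conn.execute(
        "SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def by_id_concat(conn, user_id):
    # Numeric context: the value is not quoted, so a quote blacklist has nothing to catch.
    return conn.execute(
        "SELECT name FROM users WHERE id = " + user_id).fetchall()


# --- 2. The same queries behind the posted backslash escaping -----------------
def by_name_backslash(conn, name):
    return by_name_concat(conn, backslash_escape(name))


def by_id_backslash(conn, user_id):
    return by_id_concat(conn, backslash_escape(user_id))


# --- 3. Engine-correct quoting: SQLite (standard SQL) doubles the quote --------
def sqlite_quote(s):
    # Correct for SQLite string literals only; other engines have other rules,
    # and it still does not help in a numeric context.
    return "'" + s.replace("'", "''") + "'"


def by_name_quoted(conn, name):
    return conn.execute(
        "SELECT name FROM users WHERE name = " + sqlite_quote(name)).fetchall()


# --- 4. Parameterized queries: the value never enters the SQL text ------------
def by_name_param(conn, name):
    return conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def by_id_param(conn, user_id):
    return conn.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    quote_payload = "' OR '1'='1"    # constructed: classic tautology
    numeric_payload = "1 OR 1=1"     # constructed: contains no quote characters
    print("concat, tautology:  ", run(by_name_concat, db, quote_payload))
    print("backslash, O'Brien: ", run(by_name_backslash, db, "O'Brien"))
    print("backslash, numeric: ", run(by_id_backslash, db, numeric_payload))
    print("quoted, tautology:  ", run(by_name_quoted, db, quote_payload))
    print("param, tautology:   ", run(by_name_param, db, quote_payload))
    print("param, O'Brien:     ", run(by_name_param, db, "O'Brien"))
    print("param, numeric:     ", run(by_id_param, db, numeric_payload))
```

The backslash variant fails in both directions: `O'Brien` becomes `'O\'Brien'`, which SQLite tokenizes as the literal `O\` followed by garbage and rejects, while `1 OR 1=1` passes through untouched and returns every row. Doubling the quote is the right escape for SQLite string literals, but the correct set of characters is engine-specific (the `|shell(...)` trick in the message above is a Jet/ODBC feature, not a SQL one), so a blacklist is always chasing the driver. Binding the value as a parameter removes the question entirely and also fixes the numeric case.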
    



    This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 19:26:57 PST