"JayBonci" <jayat_private> writes: >Problem is, it's a differnet problem when using ODBC stuff and when doing say >a standard connection to a mysql server. I don't see anything vulnerable (this >by no means that it's not) with a % (or any other mysql regexp), because you >need to explicitly call that regular expression with a LIKE statement in order >for it to do anything. I was more concerned about people doing things like using %39 to escape filtering for ' characters, a la Microsoft's continuing ".." problems. Peter.
This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 20:12:03 PST