Re: malformed sql queries

From: Peter Gutmann (pgut001at_private)
Date: Sat Dec 29 2001 - 20:05:05 PST


    "JayBonci" <jayat_private> writes:
    
    >Problem is, it's a different problem when using ODBC stuff and when doing say
    >a standard connection to a mysql server. I don't see anything vulnerable (this
    >by no means means that it's not) with a % (or any other mysql regexp), because you
    >need to explicitly call that regular expression with a LIKE statement in order
    >for it to do anything.
    
    I was more concerned about people doing things like using %39 to escape
    filtering for ' characters, a la Microsoft's continuing ".." problems.
    
    Peter.
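
The filter-evasion concern raised in this message, as an added example that is not part of the original post: a quote check applied to still-encoded input misses an encoded quote, while decoding to a stable form first catches it. The example uses %27, the URL percent-encoding of the apostrophe (0x27); the function names, the `users` table and the sample inputs are constructed for illustration.

```python
import sqlite3
from urllib.parse import unquote

def filter_then_decode(raw: str) -> str:
    # Flawed order: the check sees "%27", not "'", so nothing is rejected.
    if "'" in raw:
        raise ValueError("quote rejected")
    return unquote(raw)

def decode_then_filter(raw: str, max_rounds: int = 5) -> str:
    # Canonicalize first: decode until stable so "%2527" is caught too.
    value = raw
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    if "'" in value:
        raise ValueError("quote rejected")
    return value

def lookup(conn, name):
    # Bound parameter: the value is treated as data whatever it contains.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def make_db():
    # Constructed in-memory table with one row whose name holds a quote.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", ("O'Brien",))
    return conn

def rejected(func, raw):
    # True when the given filter refuses the input.
    try:
        func(raw)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample inputs: plain, singly encoded, doubly encoded.
    for raw in ("alice", "O%27Brien", "O%2527Brien"):
        print(raw, rejected(filter_then_decode, raw), rejected(decode_then_filter, raw))
    print(lookup(make_db(), filter_then_decode("O%27Brien")))
```

With the bound parameter in `lookup`, a quote that reaches the query is matched as part of the name rather than parsed as SQL, so the character filter is no longer the only control.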
    


