So as you can see there is never any user input to worry too much about
*Yet*.
The trouble with knock-up applications is that they invariably creep; n
years from now, there might well be a way for user-entered stuff to get
into the SQL stream. That's when gnarly injection problems crawl out
Vic wrote:
So as you can see there is never any user input to worry too much about
*Yet*.
The trouble with knock-up applications is that they invariably creep; n
years from now, there might well be a way for user-entered stuff to get
into the SQL stream. That's when gnarly injection
2009/2/4 Chris Smith cj...@zepler.net:
Brian Chivers wrote:
mysql_query("INSERT INTO stream (channel, starttime, title,
description, genre, filename) VALUES
('$channel','$starttime','$title','$description','$genre','$filename')");
It sounds like you're not doing any form of input validation;
Brian Chivers wrote:
I'm trying to insert the text below into a mysql table but it's
complaining, I think it's the ' that's causing the problem.
childrens's/youth program (general)
The table is called stream and the field I'm trying to insert into is
called genre and it's a varchar(200)
Hugo Mills wrote:
On Wed, Feb 04, 2009 at 12:02:14PM +, Brian Chivers wrote:
I'm trying to insert the text below into a mysql table but it's complaining,
I think it's the ' that's causing the problem.
childrens's/youth program (general)
The table is called stream and the field