Hi, I don't think it is so easy to do SQL injection with Torque; all
query data are SQL-escaped.
Bye!
On Wed, 16/09/2009 at 11.10 +0200, Graham Leggett wrote:
> Markus Müller wrote:
>
> > are there any precautions against SQL Injection?
>
> My understanding is that all SQL statements generated either use
> prepared statements, or their arguments are escaped as per the
> database's requirements.
Markus Müller wrote:
> are there any precautions against SQL Injection?
My understanding is that all SQL statements generated either use
prepared statements, or their arguments are escaped as per the
database's requirements.
If Torque allowed SQL injection, that would be a major security flaw.
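The three approaches in play in this thread, pasting the value into the statement text, escaping it, and binding it as a prepared-statement parameter, side by side as an added example. This is not part of the thread and not Torque code (Torque is Java; the function names and the in-memory table here are my own), it uses Python's sqlite3 module against a constructed table, and the hostile value is the one Markus quotes from Wikipedia in his original question below.

```python
import sqlite3

# Constructed sample data standing in for the "myindex" table in the
# question (placeholder URLs, not data from Torque or the original post).
ROWS = [
    ("http://example.invalid/sql-intro", "Intro to SQL", "sql tutorial"),
    ("http://example.invalid/torque", "Torque ORM", "java orm"),
]

# The hostile keyword from the original question (German Wikipedia example).
HOSTILE = "sql' ;GO EXEC cmdshell('format C') --"

# Statement shape from the question, with the keyword spliced into the text.
TEMPLATE = "SELECT url, title FROM myindex WHERE keyword LIKE '%{}%'"

# Same query as a prepared statement: the keyword is bound, not spliced.
PARAMETERIZED = "SELECT url, title FROM myindex WHERE keyword LIKE ?"


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a three-column myindex table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myindex (url TEXT, title TEXT, keyword TEXT)")
    conn.executemany("INSERT INTO myindex VALUES (?, ?, ?)", ROWS)
    return conn


def build_concatenated(keyword: str) -> str:
    """Vulnerable: the raw value lands in the statement text, so the quote in
    HOSTILE closes the string literal and the ';' starts a second statement."""
    return TEMPLATE.format(keyword)


def sql_escape(value: str) -> str:
    """The 'SQL escaped' approach: double every single quote so the value can
    no longer terminate the literal. It is still string building, so it has
    to be applied to every value on every code path; binding avoids that."""
    return value.replace("'", "''")


def build_escaped(keyword: str) -> str:
    """Same template, but with the value escaped before splicing."""
    return TEMPLATE.format(sql_escape(keyword))


def run_concatenated(conn: sqlite3.Connection, keyword: str):
    """Execute the concatenated statement. Python's sqlite3 refuses to run
    more than one statement per execute(), so the injected ';GO EXEC ...'
    surfaces as an exception here; a driver that batches statements would
    run it. Returns ('rows', [...]) or ('rejected', message)."""
    try:
        return ("rows", conn.execute(build_concatenated(keyword)).fetchall())
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("rejected", str(exc))


def run_escaped(conn: sqlite3.Connection, keyword: str):
    """Escaped text runs as one statement and only matches rows whose keyword
    contains the hostile string verbatim (none in the sample data)."""
    return conn.execute(build_escaped(keyword)).fetchall()


def run_parameterized(conn: sqlite3.Connection, keyword: str):
    """Prepared statement: the value reaches the engine as data, never as SQL
    text. The LIKE wildcards are added to the bound value, not to the SQL."""
    return conn.execute(PARAMETERIZED, ("%" + keyword + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated(HOSTILE))
    print(run_concatenated(db, HOSTILE))
    print(build_escaped(HOSTILE))
    print(run_escaped(db, HOSTILE))
    print(run_parameterized(db, "sql"))
    print(run_parameterized(db, HOSTILE))
```

Quote doubling closes this particular hole, but only for string literals and only when the escaping is applied consistently, which is why the "prepared statements" half of the answer above is the stronger guarantee. One caveat that applies to the bound version too: `%` and `_` inside the user's value are still LIKE wildcards, so a search for `100%` matches more than intended. That is a matching-semantics issue rather than injection; add an `ESCAPE` clause if the distinction matters for the application.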
Hello,
are there any precautions against SQL Injection?
Example (http://de.wikipedia.org/wiki/SQL_Injection):
User enters the value
sql' ;GO EXEC cmdshell('format C') --
which leads to execution of statement
SELECT url, title FROM myindex
WHERE keyword
LIKE '%sql' ;GO EXEC cm