2013/3/25 Joó Ádám :
>> And how many web forms forget to check the presence of a percent sign
>> and are executing SQL searches without checking it using clauses
>> similar to "WHERE table.field LIKE :parameter" by binding directly the
>> submitted form value to the "parameter" variable placeholder,
> And how many web forms forget to check the presence of a percent sign
> and are executing SQL searches without checking it using clauses
> similar to "WHERE table.field LIKE :parameter" by binding directly the
> submitted form value to the "parameter" variable placeholder, ignoring
> the fact that
You probably thought on the little Bobby Tables when writing this email...
http://xkcd.com/327/
On 23 March 2013 01:35, "Philippe Verdy" wrote:
> And how many web forms forget to check the presence of a percent sign
> and are executing SQL searches without checking it using clauses
> similar to
And how many web forms forget to check the presence of a percent sign
and are executing SQL searches without checking it using clauses
similar to "WHERE table.field LIKE :parameter" by binding directly the
submitted form value to the "parameter" variable placeholder, ignoring
the fact that the perce
This one is incredible:
https://bugzilla.redhat.com/show_bug.cgi?id=922433
This sort of failure to perform input validation and/or escaping is also
a sign of bad software engineering in general. I recall an important CGI
form of my university refusing to let me submit because I input an ASC
But how do we know whether the bug is there all the time!
On Fri, Mar 22, 2013 at 4:45 PM, Stephane Bortzmeyer wrote:
> This one is incredible:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=922433
>
>
>
This one is incredible:
https://bugzilla.redhat.com/show_bug.cgi?id=922433