Looking at this:
http://www.unixwiz.net/techtips/sql-injection.html
both the escape and hex methods should prevent it.
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL P
I'm sorry, but SQL injection sounds like porn for dbs.
--
Robert Garcia
Yes, this is why escaping is preferred. Also, witango processor overhead on encode. A Java bean for escape would be preferred; I will probably write one in the next couple of weeks. One nice thing about a bean is I can use it in witango, or in php if needed. But php has all those escape methods.
No, I have to do separate, which is why I said like 6 statements are necessary with that one solution.
--
Robert Garcia
Here's one I just ran into.
Do NOT quote parameters in the <@BIND> meta tag.
<@BIND NAME="text" SCOPE="user"> ==> [BoundVals] ["text"=' ']
but
<@BIND NAME=text SCOPE=user> ==> [BoundVals] [text='try now
';]
I'll file a bug report.
Bill
___
Many thanks.
A couple of very salient points that could allow me to use DirectDBMS
for my insert/updates with BLOBs. The hex/unhex is cool, but doubles
the packet size, so mysql's max_allowed_packet needs to be considered.
Haven't had a need for mass inserts/updates with BLOBs, but I do
We try to use insert/update/delete actions whenever possible. But
have at many times had to use directdbms.
One very good use of it is to prevent looping in witango. For
instance, I have software connecting to a webservice, and I send xml
for witango to insert many image categories. Usuall
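As an added example, not code from this thread or from Witango, the short Python script below contrasts the three ways of getting a value into a SQL statement that the thread discusses: parameter binding (what a correct <@BIND> gives you), quote escaping for text, and hex literals for BLOBs. It uses SQLite in place of MySQL, a constructed table and constructed sample values (a text value ending in a quote, like the "try now '" case above, and a 256-byte blob), and it also measures the size doubling of the hex form that matters for max_allowed_packet.

```python
import sqlite3

# Constructed sample inputs (not from the original thread): a text value that
# ends in a single quote, and a 256-byte binary blob covering every byte value.
SAMPLE_TEXT = "try now '"
SAMPLE_BLOB = bytes(range(256))


def setup():
    """Create an in-memory SQLite database with a constructed table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, name TEXT, data BLOB)")
    return con


def insert_bound(con, name, data):
    """Parameter binding: the value travels separately from the SQL text, so the
    quote in the name and the raw bytes in the blob never touch the parser."""
    cur = con.execute("INSERT INTO t (name, data) VALUES (?, ?)", (name, data))
    return cur.lastrowid


def escape_sql_string(s):
    """Escape method for text: double every single quote and wrap the result in
    quotes. This is the standard-SQL rule (and what SQLite needs); MySQL also
    treats backslash specially unless NO_BACKSLASH_ESCAPES is set, so use the
    driver's own escape function there rather than this helper."""
    return "'" + s.replace("'", "''") + "'"


def hex_literal(data):
    """Hex method for binary: render the bytes as an X'...' literal. No quote,
    NUL or backslash can appear in the encoded form, at the cost of two
    characters per input byte (plus the X'' wrapper)."""
    return "X'" + data.hex() + "'"


def hex_encoded_length(data):
    """Size of the hex payload alone: exactly twice the raw byte count."""
    return len(data.hex())


def insert_literal(con, name, data):
    """Build the statement as text using the escape and hex methods."""
    sql = "INSERT INTO t (name, data) VALUES (%s, %s)" % (
        escape_sql_string(name),
        hex_literal(data),
    )
    cur = con.execute(sql)
    return cur.lastrowid


def fetch(con, rowid):
    """Read a row back so the two insert paths can be compared."""
    row = con.execute("SELECT name, data FROM t WHERE id = ?", (rowid,)).fetchone()
    return row[0], bytes(row[1])


def unescaped_parses(con, name):
    """Show why escaping or binding is needed: concatenating a value ending in a
    quote straight into quoted SQL leaves an unterminated string and the
    statement does not even parse. Returns True only when the naive form parses."""
    sql = "SELECT count(*) FROM t WHERE name = '" + name + "'"
    try:
        con.execute(sql)
        return True
    except sqlite3.Error:
        return False


if __name__ == "__main__":
    con = setup()
    bound = insert_bound(con, SAMPLE_TEXT, SAMPLE_BLOB)
    literal = insert_literal(con, SAMPLE_TEXT, SAMPLE_BLOB)
    print("bound row  :", fetch(con, bound)[0], len(fetch(con, bound)[1]), "bytes")
    print("literal row:", fetch(con, literal)[0], len(fetch(con, literal)[1]), "bytes")
    print("hex payload:", hex_encoded_length(SAMPLE_BLOB), "chars for", len(SAMPLE_BLOB), "bytes")
    print("naive concatenation parses:", unescaped_parses(con, SAMPLE_TEXT))
```

Both insert paths store the same row; the difference is that the bound form keeps the blob at its raw size on the wire, while the hex literal ships 512 characters for 256 bytes, which is the packet-size cost mentioned above.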
Supported with active development on new versions

On 4-Apr-06, at 2:08 PM, Cornelius Conboy wrote:
Jon,
Great to hear it.
Is it supported or orphanware?
___
Witango 6 is in the works and on its way.
Shane Pearlman
831.345.7033

From: Cornelius Conboy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 04, 2006 1:08 PM
To: witango-talk@witango.com
Subject: RE: Witango-Talk: checking back in - what's going on?

Jon,
Great to hear it.
Is it supported or orphanware?

From: Jon van der Raadt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 04, 2006 4:05 PM
To: witango-talk@witango.com
Subject: Re: Witango-Talk: checking back in - what's going on?

Many of us are still successfully using the product...
Jon

On 4-Apr-06, at 2:03 PM, Cornelius Conboy wrote:
A test email to see if the listserve is working and more importantly if it’s active. Been away from Witango for a few years but found a project where it might be useful – if it’s still a viable platform. Any advice?
___
Bill,
I was wondering about this recently also and found some interesting
tidbits. One is that at least in SQL Server, when you use an
insert/update action, the SQL is actually executed by Witango calling
one of the built-in stored procedures to execute the sql passed to it by
Witango. So SQL