Can you come up with a non-destructive working example for the appdb website (appdb.winehq.org)? ;-)
I ask because I thought we went through this some time ago but I agree that what you say looks like an open issue.

Chris

On Thursday 08 June 2006 11:35 am, Christoph Frick wrote:
> On Thu, Jun 08, 2006 at 11:25:08AM -0400, Chris Morgan wrote:
> > $sQuery = "Select versionId from appVersion where
> > appId='".$_REQUEST['appId']."';";
> >
> > Whose '' around $_REQUEST should prevent the string from being
> > interpreted as anything but a single value passed as the value of appId.
>
> with appId="' or 1=1;'"?
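
An added example, not part of the message above and not appdb code: it prints the query text that the quoted concatenation produces for the value from the thread, next to a bound-parameter version run against a local table. It assumes PHP's PDO SQLite driver, a constructed in-memory table, a numeric appId, and the hypothetical function names `concatQuery` and `versionsFor`.

```php
<?php
// Added example. The table contents and both function names are constructed
// for illustration; this is not appdb code or its schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE appVersion (versionId INTEGER, appId INTEGER)");
$db->exec("INSERT INTO appVersion VALUES (10, 1), (11, 1), (20, 2)");

// Concatenated form quoted in the thread: the request value becomes SQL text.
function concatQuery(string $appId): string
{
    return "Select versionId from appVersion where appId='" . $appId . "';";
}

// Bound form: the SQL text is fixed and the value travels as data only.
function versionsFor(PDO $db, string $appId): array
{
    // Assumption: appId is numeric, so anything that is not digits is rejected.
    if (!ctype_digit($appId)) {
        return [];
    }
    $stmt = $db->prepare('SELECT versionId FROM appVersion WHERE appId = :appId');
    $stmt->bindValue(':appId', (int) $appId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$fromThread = "' or 1=1;'"; // the value quoted in the thread

// The quote inside the value closes the string literal early, so the rest of
// the value is parsed as part of the statement instead of as the appId.
echo concatQuery('1'), "\n";
echo concatQuery($fromThread), "\n";

// With validation and binding, the same value cannot change the statement.
var_dump(versionsFor($db, '1'));
var_dump(versionsFor($db, $fromThread));
```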