MySQL :: Re: Code Injection

Contact MySQL |
Login | Register

The world's most popular open source database

MySQL.com
Downloads
Documentation
Developer Zone

Documentation Downloads MySQL.com

Developer Zone

Section Menu:

New Topic

Re: Code Injection

Posted by: Ian Woodyatt
Date: September 20, 2005 08:57AM

Hi,
You could also dissallow the ' and " characters from their quotes, this will stop them from trying to close your query and then open a new one as is often done on SQL Injection attacks e.g. w' OR ''='

Cheers Ian
www.iwsec.co.uk

Navigate: Previous Message• Next Message

Options: Reply• Quote

Subject

Views

Written By

Posted

Code Injection

6873

David Donahue

August 24, 2005 12:24PM

Re: Code Injection

2770

Kevin Carlson

August 25, 2005 11:10AM

Re: Code Injection

2636

Ian Woodyatt

September 20, 2005 08:57AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.