MySQL Forums
Forum List  »  Newbie

Re: SQL Injection
Posted by: Peter Brawley
Date: November 29, 2009 11:59AM

Richard,

> So IMHO when using a quoted string you must _always_ double single quotes

Not sound, MySQL does not accept double quotes round string literals if the sql_mode setting includes 'ansi_quotes'. For discussion of the issue in .NET see for example http://www.devarticles.com/c/a/MySQL/SQL-Injection-Attacks-Are-You-Safe/.

PB
http://www.artfulsoftware.com

Options: ReplyQuote


Subject
Written By
Posted
November 28, 2009 10:43AM
November 28, 2009 11:48AM
November 29, 2009 09:32AM
November 30, 2009 12:21PM
November 29, 2009 12:03AM
November 29, 2009 09:49AM
Re: SQL Injection
November 29, 2009 11:59AM
November 29, 2009 01:37PM
November 29, 2009 02:36PM
November 29, 2009 03:09PM
November 30, 2009 08:45AM
November 30, 2009 09:51AM
November 30, 2009 10:17AM
November 30, 2009 08:39AM
November 30, 2009 10:55AM
November 30, 2009 11:34AM
December 01, 2009 04:14AM
January 18, 2010 11:49AM
January 18, 2010 12:10PM
January 18, 2010 12:10PM
January 18, 2010 12:07PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.