Re: Problem with my query...
This about is that, when someone use on url like;
http://url?username=''; AND password='known'
You put $username directly into the sql query. Of course attacker should know what's the rest of query to make a successful attack. But just putting quotes puts you into the secure side.
Subject
Written By
Posted
Re: Problem with my query...
July 30, 2005 01:35PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.