Re: Using parameters to prevent disaster
yes, if you don't check it I could put this into the email field
'dummy email'; drop table emails; select * from emails
and that would drop your emails table very quickly. You definitely cannot run code that above directly off form inputs.
-reggie
Subject
Written By
Posted
November 22, 2004 04:58AM
November 24, 2004 03:12PM
Re: Using parameters to prevent disaster
November 30, 2004 04:29PM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.