Hello,

are there any precautions against SQL Injection?

Example (http://de.wikipedia.org/wiki/SQL_Injection):

The user enters the value
    sql' ;GO EXEC cmdshell('format C') --
which leads to execution of the statement
    SELECT url, title FROM myindex
    WHERE keyword
    LIKE '%sql' ;GO EXEC cmdshell('format C') --%'
instead of
    SELECT url, title FROM myindex 
    WHERE keyword 
    LIKE '%sql%'

Best regards,
Markus Müller

-- 
Markus Müller, Karlsruhe, www.mm65.de

---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscr...@db.apache.org
For additional commands, e-mail: torque-user-h...@db.apache.org
