> Wes wrote:
>>
>> // SQL injection keywords
>> SQL_exp="[ ;](insert +into.+values|drop +table|create +table)";
>
> So if I use "; truncate table ...." I get past your RegEx?
I think this message lost something along the way (which was the
point, but not this way).

Unicode has about 30 different whitespace indicators, and which
one is used as a space (tab or linebreak would be fine too) is
not something you can predict accurately. Same for semicolons
(which often are not needed anyway as you can just write an
entire statement that evaluates to TRUE).

Jochem
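
The objections raised in this thread can be checked directly. The following is an added example, not code from either poster: it runs the quoted pattern over constructed inputs, one per objection, and then passes the same inputs through a bound query parameter. Case-insensitive matching, the `users` table, the function names and the sample strings are assumptions made for the illustration.

```python
import re
import sqlite3

# Blacklist pattern quoted in the thread; case-insensitive matching is an assumption.
SQL_EXP = re.compile(r"[ ;](insert +into.+values|drop +table|create +table)", re.I)

def blacklist_flags(value: str) -> bool:
    """True when the thread's keyword filter would reject the input."""
    return SQL_EXP.search(value) is not None

# Constructed sample inputs, one per objection raised in the thread.
SAMPLES = {
    "listed keyword": "x; drop table users",
    "unlisted keyword": "x; truncate table users",
    "no-break space (U+00A0)": "x;drop\u00a0table users",
    "always-true condition": "x' OR '1'='1",
}

def lookup_parameterized(conn, name):
    """Bind the value as data; it never becomes part of the SQL text."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    # Hypothetical in-memory table, built only for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    results = {}
    for label, value in SAMPLES.items():
        rows = lookup_parameterized(conn, value)
        remaining = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
        results[label] = (blacklist_flags(value), rows, remaining)
    return results

if __name__ == "__main__":
    for label, (flagged, rows, remaining) in demo().items():
        print(f"{label:26} flagged={flagged!s:5} rows={rows} users_left={remaining}")
```

Only the first input is flagged by the pattern, while the bound parameter treats all four as an ordinary name that matches no row and leaves the table intact.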

