On Sat, Jan 5, 2013 at 11:17 AM, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
> This quoting is insufficient, it's still prone to SQL injections. Since
> this is a problem every user of this script would have to solve, how
> about having the script ensure that $FILE doesn't contain "'"?
>
> Perhaps make this configurable via a "upon-single-quote = {continue|raise}"
> knob in the config file.

Thanks for the feedback. Switching to environment variables and letting the shell expand the variables should resolve that. Done in r1429444.
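
The guard suggested in the quoted message, as an added example that is not part of this thread and not the script's own code: a hook reads `$FILE` from the environment and refuses any value containing `'` before placing it in a single-quoted SQL literal. The names `check_single_quote`, `build_insert`, `UPON_SINGLE_QUOTE` and the `files` table are hypothetical, and the check assumes a database in which `'` is the only character that can end such a literal.

```shell
#!/bin/sh
# Added example; FILE comes from the thread, every other name is hypothetical.

# check_single_quote VALUE POLICY
# Returns 0 if VALUE has no single quote. Otherwise follows POLICY, mirroring
# the proposed "upon-single-quote = {continue|raise}" knob:
#   continue -> 1 (skip this value, keep processing the rest)
#   raise    -> 2 (caller should abort the whole run)
#   other    -> 3 (unknown policy, fail closed)
check_single_quote() {
    case $1 in
        *\'*)
            case $2 in
                continue) return 1 ;;
                raise)    return 2 ;;
                *)        return 3 ;;
            esac ;;
    esac
    return 0
}

# build_insert: reads FILE from the environment and prints one SQL statement.
# Assumption: only "'" can terminate the literal (no backslash escapes).
# Prints nothing and returns the guard's status when FILE is rejected.
build_insert() {
    check_single_quote "$FILE" "${UPON_SINGLE_QUOTE:-raise}" || return $?
    printf "INSERT INTO files (path) VALUES ('%s');\n" "$FILE"
}

# Constructed sample input: one ordinary path and one containing a quote.
UPON_SINGLE_QUOTE=continue
for FILE in "trunk/README" "notes/it's.txt"; do
    export FILE
    build_insert || echo "rejected (status $?): value contains a single quote" >&2
done
```

Where the database client supports bound parameters, binding `$FILE` as a parameter removes the need for the guard.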