<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40018 >
> [EMAIL PROTECTED] - Tue Jan 15 02:16:57 2008]:
>
> Auth enabled server had died because of nasty SQL.

There are, as far as I know, two ways that foreign SQL could be injected when auth is enabled: via the user name and via a new user password. For warclient what I have done (instead of disallowing the ' character, which actually occurs frequently in online names, e.g. as in the English possessive) is to use the MySQL C API function mysql_real_escape_string to escape any potentially harmful strings prior to using them to construct queries (prepared statements would obviate the need for this, but are generally more cumbersome to set up).

_______________________________________________
Freeciv-dev mailing list
[email protected]
https://mail.gna.org/listinfo/freeciv-dev
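The two input paths named in the message above (user name and new-user password), as an added example that is not part of the original post and is not Freeciv or warclient code. It uses Python's sqlite3 module in place of the MySQL C API, with bound parameters standing in for prepared statements; the `auth` table layout, the function names and the sample name and password are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the auth database (table layout is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (name TEXT PRIMARY KEY, password TEXT NOT NULL)")
    return db


def add_user_concat(db, name, password):
    """'Before' pattern: values are pasted into the SQL text, so any quote
    character in the name or password becomes part of the statement."""
    sql = "INSERT INTO auth (name, password) VALUES ('%s', '%s')" % (name, password)
    db.execute(sql)


def add_user_bound(db, name, password):
    """Bound parameters: the statement text is fixed and the values travel
    separately, so the ' character needs neither banning nor escaping."""
    db.execute("INSERT INTO auth (name, password) VALUES (?, ?)", (name, password))


def check_login(db, name, password):
    """Look the user up with a bound parameter and compare the stored value.
    (How the password is stored is outside the scope of this example.)"""
    row = db.execute("SELECT password FROM auth WHERE name = ?", (name,)).fetchone()
    return row is not None and row[0] == password


def demo():
    """Run both variants on a constructed, legitimate name with an apostrophe."""
    name, password = "Pete's Army", "it's secret"  # constructed sample input
    db = make_db()
    try:
        add_user_concat(db, name, password)
        concat_failed = False
    except sqlite3.OperationalError:
        # The possessive apostrophe ends the string literal early, so the
        # statement no longer parses: an honest user is rejected.
        concat_failed = True
    add_user_bound(db, name, password)
    return concat_failed, check_login(db, name, password), db


if __name__ == "__main__":
    failed, logged_in, _ = demo()
    print("concatenated insert failed:", failed)
    print("bound insert + login ok:", logged_in)
```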
