There is a security case here, e.g. allowing the cracker to chain "DELETE FROM X" to "SELECT 
* FROM X WHERE ID=$id" where the $id is got via the URL without checking (most of the 
cases).
Limiting the feature by an optional parameter may be needed.

-- 


"Timm Friebe" <[EMAIL PROTECTED]> wrote in message 
news:1045250219.49462.84.camel@localhost...
> On Fri, 2003-02-14 at 14:37, Michael Ulbrich wrote:
> > Hi there,
> Hi,
> 
> > here's a small patch for sybase_query() in ext/sybase_ct.c which gives
> > some extended functionality in that it allows to send batch queries from
> > php to the Sybase backend.
> I'll have a look at it as soon as possible.
> 
> Hello from Karlsruhe to Berlin:) - Timm
> 
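
The opt-in limit suggested at the top of this message, sketched as an added example (not part of the original mail or of the sybase_ct patch). It uses Python's sqlite3 as a stand-in for the Sybase backend; `run_query`, its `allow_batch` parameter and the contents of table `x` are hypothetical.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: table x with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE x (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO x VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")])
    conn.commit()
    return conn

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM x").fetchone()[0]

def run_query(conn, sql, allow_batch=False):
    """Hypothetical wrapper: a batch runs only when the caller opts in."""
    if allow_batch:
        conn.executescript(sql)          # runs every statement in the string
        return None
    return conn.execute(sql).fetchall()  # refuses more than one statement

def lookup_unchecked(conn, raw_id, allow_batch=False):
    """The pattern from the message: $id goes into the SQL unchecked."""
    return run_query(conn, "SELECT * FROM x WHERE id=" + raw_id, allow_batch)

def lookup_checked(conn, raw_id):
    """Accept only a plain integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError("id must be an integer")
    return conn.execute("SELECT * FROM x WHERE id=?", (int(raw_id),)).fetchall()

def demo():
    """Rows left in x after the chained input from the message, per mode."""
    chained = "1; DELETE FROM x"         # constructed input
    left = {}
    conn = make_db()
    lookup_unchecked(conn, chained, allow_batch=True)
    left["batch_on"] = row_count(conn)
    conn = make_db()
    try:
        lookup_unchecked(conn, chained)  # default: single statement only
    except (sqlite3.Warning, sqlite3.Error):
        pass                             # driver rejected the second statement
    left["batch_off"] = row_count(conn)
    conn = make_db()
    try:
        lookup_checked(conn, chained)
    except ValueError:
        pass                             # rejected before reaching the database
    left["checked"] = row_count(conn)
    return left
```

Single-statement mode only stops the chaining; the unchecked `$id` still alters the query text, so the integer check is needed in either mode.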

