As far as I can tell via tests, quotes, backticks, commas, semicolons, and parentheses are not escaped on a DB.insert statement.
I am pretty green on SQL injection attacks, but isn't this a vulnerability?
