On Dec 8, 2004, at 3:33 AM, Harald Joerg wrote:
> I've just tested it: TT2's parser converts q('a''b') to two separate parameters 'a' and 'b'. So, if you have funky SQL characters, you'd *really* better wait for TT3 :-)
Or sanitize your input from users some other way. This could lead to a BIG SQL-injection hole.
Vivek Khera, Ph.D. +1-301-869-4449 x806
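The behaviour under discussion and the sanitisation advice that follows it, as an added example that is not part of the thread or of Template Toolkit's own code. It assumes Template (TT2), DBI and DBD::SQLite are installed; the template-level helper `q`, the `users` table and the hostile input are constructed for the demonstration. The first half records how many arguments TT2 actually passes to `q` when the template author writes a doubled single quote, as Harald reports; the second half shows the defender's fix: keep SQL out of the template and bind user-supplied values with DBI placeholders, so the value never becomes part of the SQL text and no template-side quoting is needed at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;   # Template Toolkit (TT2)
use DBI;        # assumes DBD::SQLite is installed for the in-memory demo

# Part 1: reproduce the parsing behaviour reported in the thread.
# A hypothetical template-level quoting helper 'q' that records the
# argument list TT2 hands it on every call.
my @seen;
my %vars = (
    q => sub { push @seen, [@_]; return join(', ', map { "'$_'" } @_); },
);
my $tt = Template->new() or die Template->error();

# Constructed template text: the author intends ONE string whose embedded
# single quote has been doubled for SQL, as in  'O''Brien'.
my $template = "[% q('O''Brien') %]";
my $out;
$tt->process(\$template, \%vars, \$out) or die $tt->error();
printf "q() was called with %d argument(s): %s\n",
       scalar @{ $seen[0] }, join(' | ', @{ $seen[0] });
print "template output: $out\n";
# Per the thread, TT2 reads 'O''Brien' as two adjacent literals ('O' and
# 'Brien'), so the doubled quote never reaches the helper and whatever
# escaping the author expected from it does not happen.

# Part 2: the defender's fix. Build the SQL in Perl, bind user-supplied
# values with placeholders, and hand only the result to the template.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)");
$dbh->do("INSERT INTO users (name, role) VALUES (?, ?)", undef, "O'Brien", 'user');
$dbh->do("INSERT INTO users (name, role) VALUES (?, ?)", undef, 'alice',   'admin');

# Looks up the role(s) for one user name; the value is bound, not spliced
# into the statement, so quotes in it are just data.
sub lookup_roles {
    my ($dbh, $name) = @_;
    my $sth = $dbh->prepare("SELECT role FROM users WHERE name = ?");
    $sth->execute($name);
    my @roles = map { $_->[0] } @{ $sth->fetchall_arrayref };
    return \@roles;
}

# Constructed hostile input: it would rewrite the WHERE clause if it were
# interpolated into the SQL string, but as a bound value it matches nothing.
my $hostile = "x' OR '1'='1";
my $matched = lookup_roles($dbh, $hostile);
printf "rows matched for hostile input: %d\n", scalar @$matched;

# A name containing a genuine single quote is found without any escaping.
my $roles = lookup_roles($dbh, "O'Brien");
$tt->process(\"Role of O'Brien: [% role %]\n", { role => $roles->[0] })
    or die $tt->error();
```

The split between the two halves is the real point: once the template receives only `role`, there is no `q()` to get wrong, and the parser quirk Harald found stops mattering for SQL injection (it may still bite other template logic that relies on adjacent literals).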
