Right. SQL injections don't occur due to forms. They happen due to fragile validation/transformation of data coming from forms into SQL statements/arguments.
On Thu, Jul 4, 2013 at 4:44 AM, Massimo Di Pierro <[email protected]> wrote:
> Forms do not affect SQL injections as long as you use the DAL to communicate
> to the database. If you use raw SQL you may be vulnerable to SQL injections.
>
>
> On Thursday, 4 July 2013 00:43:23 UTC-5, qwer qwer wrote:
>>
>> I have used normal html forms instead of web2py forms at many places. Does
>> this make sql injections possible? Can someone please give an example of
>> such an injection, if possible. thanks
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
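The example requested in the thread, added here and not part of any poster's message: the same form value is passed to a query built by string formatting and to one that binds it as a parameter. The standard-library `sqlite3` module stands in for the application's database, and the `person` table, the function names and the sample values are hypothetical.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO person (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db

def lookup_raw(db, name):
    """Fragile: the form value is pasted into the SQL text itself."""
    sql = "SELECT name, email FROM person WHERE name = '%s'" % name
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    """Safe: the SQL text is fixed and the value travels as a bound parameter."""
    sql = "SELECT name, email FROM person WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed request values. The server receives the same string whether it
# was submitted through a plain HTML <form> or a framework-generated one.
BENIGN = "alice"
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in (BENIGN, CRAFTED):
        # The raw version returns every row for CRAFTED because the quote in
        # the value closes the string literal and the rest is parsed as SQL.
        print(repr(value), "raw:  ", lookup_raw(db, value))
        # The bound version compares the whole value as a name and finds none.
        print(repr(value), "bound:", lookup_bound(db, value))
```
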

