I've been looking for vulnerabilities by attacking my Witango
code a la
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
It looks like Witango's SQLENCODING is doing the trick.
I guess it's like magic_quotes() in PHP. There seems to be a lot of
controversy about magic-quotes, mostly philosophical, about
preferring to escape instead. I don't want to start a debate about
escaping versus doubling single quotes.
But I would like to hear if anybody has found the need for any other
SQL filtering.
Bill