Thanks Robert. That's what I'm not sure of. The PCI compliance scans are saying they are vulnerable to SQL injections, and if I enter something like this in a form field being inserted by a TAF:

Steve"); UPDATE customers…

then look at the database table, that's exactly what's in there. Shouldn't it be:

Steve\"); UPDATE customers…

if it is being escaped?

I have to admit to a lack of knowledge in this area, so I apologize if I'm misunderstanding what the PCI compliance outfit is looking for. I can send you the specific URLs in private if you'd like.

Thanks!

-- Steve

On Aug 21, 2011, at 2:28 PM, Robert Shubert wrote:

> Steve,
>
> I’d like to look at your specific situation in more detail. Escaping of
> values in SQL statements should be automatically handled by TeraScript Server.
>
> Robert
>
> From: Steve Briggs [mailto:st...@wowpages.com]
> Sent: Sunday, August 21, 2011 11:30 AM
> To: Witango-Talk@witango.com
> Subject: Witango-Talk: Witango / TeraScript MySQL escape meta tag
>
> I need to convert a bunch of old TAFs for PCI compliance and I'm looking for
> the easiest way to escape insert and update statements to avoid SQL
> injections. Does anyone have a custom meta tag similar to PHP's
> mysql_escape_string? i.e. <@MYSQLESCAPE <@POSTARG first_name>>
>
> Or any other suggestions as to the best way to go about this?
>
> Thanks!
>
> -- Steve
>
> **************************************************
> Steve Briggs
> Wow Pages
> Portland, Maine
> Longmont, Colorado
>
> 207-761-2450
> 888-325-5907
>
> st...@wowpages.com
>
> **************************************************
>
> To unsubscribe from this list, please send an email to lists...@witango.com
> with "unsubscribe witango-talk" in the body.
**************************************************
Steve Briggs
Wow Pages
Portland, Maine
Longmont, Colorado

207-761-2450
888-325-5907

st...@wowpages.com

**************************************************
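
Added example, not part of the thread and not TeraScript code: the check described in the message above (looking at the stored value for an escape character) run against three ways of inserting a value, using Python's sqlite3 module as a stand-in for MySQL. The schema, the body of the UPDATE and the function names are constructed; SQLite literals use single quotes and escape a quote by doubling it rather than with a backslash, so the payload is adapted accordingly.

```python
import sqlite3

# Constructed input in the shape quoted in the thread. SQLite string literals use
# single quotes, so the quote character differs; the UPDATE body is made up.
PAYLOAD = "Steve'); UPDATE customers SET first_name = 'changed'; --"


def fresh_db():
    """In-memory table with one pre-existing row (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, first_name TEXT)")
    db.execute("INSERT INTO customers (first_name) VALUES ('Alice')")
    return db


def insert_concatenated(db, name):
    """Vulnerable: the value is pasted into the statement text unmodified."""
    db.executescript("INSERT INTO customers (first_name) VALUES ('" + name + "');")


def insert_escaped(db, name):
    """Value escaped for a SQLite literal (quote doubled), then pasted in."""
    literal = name.replace("'", "''")
    db.executescript("INSERT INTO customers (first_name) VALUES ('" + literal + "');")


def insert_bound(db, name):
    """Value sent as a bound parameter, never parsed as SQL."""
    db.execute("INSERT INTO customers (first_name) VALUES (?)", (name,))


def names(db):
    """All stored first names, in insertion order."""
    return [row[0] for row in db.execute("SELECT first_name FROM customers ORDER BY id")]


def run(insert):
    """Insert PAYLOAD into a fresh table with the given function; return the rows."""
    db = fresh_db()
    insert(db, PAYLOAD)
    return names(db)


if __name__ == "__main__":
    for fn in (insert_concatenated, insert_escaped, insert_bound):
        print(fn.__name__, run(fn))
```

In both safe cases the table holds the input text unchanged, with no escape characters in it, because the escape exists only in the statement text and is consumed by the SQL parser. What marks the vulnerable case is that the pre-existing row was modified.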