[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] RE: Simple to exploit SQL Injection ?



Hi all.

Would this be of relevance:

from php.ini:

; Use Sybase-style magic quotes (escape ' with '' instead of \').
; Leave this OFF!
magic_quotes_sybase = OFF

HTH - KR 

On Mon, 28 Nov 2005, Victor Chapela wrote:

> To: 'Jason binger' <cisspstudy@xxxxxxxxx>, webappsec@xxxxxxxxxxxxxxxxx
> From: Victor Chapela <victor@xxxxxxxxx>
> Subject: RE: Simple to exploit SQL Injection ?
> 
> Jason,
> 
> I agree with Rich, it seems your ' is being escaped by 
> adding a second one. This should be interpreted by the 
> database as a single quote within the quoted string '...'. 

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here