#Actual rip-off

Posted 11 March 2013 - 02:53 PM

While the query may succeed, your updated code does not appear to address some of the other concerns I've raised. In particular, it is still vulnerable to SQL injection.

In fact, it introduces* a new issue, where the combined length of the query until the format specifier and the user's name could cause some of the final characters of the query to not be written to the string, again leading to potential syntax errors and related problems.

* Well, at the very least it highlights a pre-existing issue


#1 rip-off

Posted 11 March 2013 - 02:53 PM

While the query may succeed, your updated code does not appear to address some of the other concerns I've raised. In particular, it is still vulnerable to SQL injection.

In fact, it introduces* a new issue, where the combined length of the query until the format specifier and the user's name could cause some of the final characters of the query to not be written to the string, again leading to potential syntax errors and related problems.

Well, at the very least it highlights this issue
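
The truncation problem described in the post above, as an added example that is not part of the original thread: formatting a query into a fixed buffer and rejecting it when the user's name pushes it past the buffer size. The query template, the 64-byte buffer and the function names are assumptions, since the code under discussion is not shown on this page. The example does not address the SQL injection concern, which calls for bound parameters through the database library's prepared-statement interface.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical query template; the original poster's query is not on the page. */
#define QUERY_FMT "SELECT id FROM users WHERE name = '%s' LIMIT 1"

/* Formats the query into out. Returns 0 on success, -1 if the result did not
 * fit (or formatting failed). On failure the buffer is emptied so a cut-off
 * query can never be passed on to the database. */
int build_query(char *out, size_t out_size, const char *name)
{
    int needed = snprintf(out, out_size, QUERY_FMT, name);
    if (needed < 0 || (size_t)needed >= out_size) {
        if (out_size > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Formats without checking the return value, as the post warns against, and
 * reports whether the tail of the query ("LIMIT 1") was lost. Returns 1 if the
 * text in the buffer was cut short, 0 if the whole query is present. */
int unchecked_is_truncated(char *out, size_t out_size, const char *name)
{
    const char *tail = "LIMIT 1";
    size_t len, tail_len = strlen(tail);

    snprintf(out, out_size, QUERY_FMT, name);
    len = strlen(out);
    return !(len >= tail_len && strcmp(out + len - tail_len, tail) == 0);
}

int main(void)
{
    char buf[64];                       /* assumed fixed-size query buffer */
    const char *names[] = {             /* constructed sample inputs */
        "alice",
        "a_very_long_constructed_user_name_0123456789",
    };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int cut = unchecked_is_truncated(buf, sizeof buf, names[i]);
        printf("unchecked: [%s] truncated=%d\n", buf, cut);
        int rc = build_query(buf, sizeof buf, names[i]);
        printf("checked:   rc=%d [%s]\n", rc, buf);
    }
    return 0;
}
```

With this template the fixed text takes 44 characters, so a 64-byte buffer holds names of at most 19 characters; anything longer loses the closing quote and the rest of the query unless the return value is checked.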

