Re: FN-FORUM:
date posted 1st November 2003 10:01
You are right - I was thinking that myself last night after I posted. I
hadn't realised about SQL injection attacks until about a couple of weeks or
so ago - very nasty. I didn't write it by the way - it is a site I have just
taken over from someone else and is full of things like missing closing tags
etc. I am going to change it to a post instead. Why it cut off at 128
characters I don't know - if I change the ' to a " then the whole string
goes through OK and if I put a space before the = it still stops after the =
so I think the length of 128 is a red herring. Once I have done this change
it is going to take me hours to clean up the code -- ahhhhh!
Pam
----- Original Message -----
From: [EMAIL REMOVED] [EMAIL REMOVED] [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Friday, October 31, 2003 9:59 PM
Subject: Re: FN-FORUM:
>
> PAMELA WHITTAKER wrote:
> > Hi,
> > Can anyone see what is wrong with this please?
>
> It's ripe for a SQL injection attack, I would bin whatever code you have
> and rethink.
>
> http://www.devarticles.com/art/1/138
> http://www.4guysfromrolla.com/webtech/061902-1.shtml
>
>
> Rick
>
> Kitty5 NewMedia http://Kitty5.com
> POV-Ray News & Resources http://Povray.co.uk
> TEL : +44 (01270) 501101 - ICQ : 15776037
>
> PGP Public Key
> http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x231E1CEA
>
>
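Added example, not part of the original messages or the site's code: the thread does not show the page's source, so this assumes a query built by pasting the submitted value between single quotes, and contrasts it with a bound parameter. The table, column and function names and the sample rows are constructed for illustration; the behaviour is the same however the value reaches the server.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO members (name) VALUES (?)",
                   [("O'Brien",), ('Pam "P" W',), ("Rick",)])
    return db

def find_concatenated(db, name):
    """Fragile pattern: the submitted value becomes part of the SQL text."""
    sql = "SELECT name FROM members WHERE name = '" + name + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # A ' in the value closed the string literal early, so the rest
        # of the value was parsed as SQL and rejected.
        return "error: " + str(exc)

def find_bound(db, name):
    """Fix: the value travels as a bound parameter and is never parsed as SQL."""
    return [row[0] for row in db.execute(
        "SELECT name FROM members WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    for value in ["Rick", 'Pam "P" W', "O'Brien"]:
        print(repr(value), "->", find_concatenated(db, value),
              "|", find_bound(db, value))
```

A value containing " passes through the concatenated query while one containing ' breaks it; the bound version returns the right row for both.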