JoelMon / pyTalkManager

Software to aid public talk coordinators in the congregations of Jehovah's Witnesses.
http://theodevelopers.github.io/pyTalkManager

Need to sanitize user-entered data. #91

Closed JoelMon closed 9 years ago

JoelMon commented 9 years ago

Users can enter ' or " to inject into the database.

Example: User enters a note with the word don't and the ' will cause an SQL syntax error.
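
The failure described in this issue, reproduced with Python's standard `sqlite3` module beside the parameterized form that stores the same note intact. This is an added example, not pyTalkManager's own code; the use of `sqlite3`, the `notes` table and all function names are assumptions.

```python
import sqlite3

# Constructed sample notes; the first is the "don't" case from the issue.
SAMPLES = ["don't forget the outline", 'He said "hello"', "plain note"]

def make_db():
    """In-memory database with a hypothetical notes table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    return conn

def save_note_concatenated(conn, body):
    """Failing pattern: user text is pasted into the SQL string, so a quote
    in the note ends the string literal and the rest is parsed as SQL."""
    conn.execute("INSERT INTO notes (body) VALUES ('" + body + "')")

def save_note_parameterized(conn, body):
    """Fix: the statement is fixed and the driver binds the value, so quote
    characters in the note are stored as data and never parsed as syntax."""
    conn.execute("INSERT INTO notes (body) VALUES (?)", (body,))

def try_save(save, conn, body):
    """Return None on success, or the sqlite3 error message on failure."""
    try:
        save(conn, body)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def stored_notes(conn):
    return [row[0] for row in conn.execute("SELECT body FROM notes ORDER BY id")]

def run_demo():
    """Save every sample with both functions; return errors and stored rows."""
    results = {}
    for name, save in (("concatenated", save_note_concatenated),
                       ("parameterized", save_note_parameterized)):
        conn = make_db()
        errors = [try_save(save, conn, s) for s in SAMPLES]
        results[name] = (errors, stored_notes(conn))
        conn.close()
    return results

if __name__ == "__main__":
    for name, (errors, rows) in run_demo().items():
        print(name, errors, rows)
```

Binding values with `?` placeholders removes the need to escape or strip quotes from user input before it reaches the database.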