SQL formatting is security critical. We should ensure no value results in SQL injection.
These fuzzing tests should ensure that SQL injection is not possible when formatting individual values (especially strings). These should focus on testing the validity of the generated queries (probably with a real MySQL system), rather than on not invoking C++ UB (see #214 for this).
Some material: https://security.stackexchange.com/questions/9908/multibyte-character-exploits-php-mysql
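A sketch of the round-trip check such a fuzz test could apply, added here as an example and not taken from the project's code: every formatted value must lex back as exactly one string literal that decodes to the input bytes. `quote_escaped`, `quote_naive`, `parse_single_literal` and `count_failures` are hypothetical names, and the small lexer stands in for the real MySQL server the issue suggests. It assumes a UTF-8 or ASCII connection character set with backslash escapes enabled, so the multibyte cases from the linked material are outside what it checks.

```cpp
#include <random>
#include <string>
// MySQL escape letters and the bytes they denote inside a '...' literal.
const std::string kCode = "0nrZtb", kByte("\0\n\r\x1a\t\b", 6);
// Hypothetical formatter under test (assumes UTF-8/ASCII, backslash escapes enabled).
std::string quote_escaped(const std::string& v) {
    std::string out = "'";
    for (char c : v) {
        std::size_t p = kByte.find(c);
        if (p != std::string::npos) { out += '\\'; out += kCode[p]; continue; }
        if (c == '\'' || c == '"' || c == '\\') out += '\\';
        out += c;
    }
    return out + "'";
}
// Deliberately weak formatter: doubles quotes but leaves backslashes alone.
std::string quote_naive(const std::string& v) {
    std::string out = "'";
    for (char c : v) { if (c == '\'') out += c; out += c; }
    return out + "'";
}
// Oracle: decode sql into val; false unless sql is exactly one terminated '...' literal.
bool parse_single_literal(const std::string& sql, std::string& val) {
    if (sql.size() < 2 || sql[0] != '\'') return false;
    std::size_t i = 1;
    for (val.clear(); i < sql.size(); ++i) {
        if (sql[i] == '\\') {
            if (++i == sql.size()) return false;           // dangling backslash
            std::size_t p = kCode.find(sql[i]);
            if (sql[i] == '%' || sql[i] == '_') val += '\\';  // MySQL keeps \% and \_ verbatim
            val += p == std::string::npos ? sql[i] : kByte[p];
        } else if (sql[i] != '\'') val += sql[i];
        else if (i + 1 < sql.size() && sql[i + 1] == '\'') val += sql[++i];  // '' is one quote
        else break;                                        // closing quote
    }
    return i + 1 == sql.size();  // nothing may follow the closing quote
}
// Fuzz loop over constructed inputs: count values that fail the round trip.
int count_failures(std::string (*quote)(const std::string&), unsigned seed, int iterations) {
    static const char alphabet[] = {'\'', '"', '\\', '\0', '\n', '\r', '\x1a', ';', '-', '#', 'a', '\xbf'};
    std::mt19937 rng(seed);
    int failures = 0;
    for (int n = 0; n < iterations; ++n) {
        std::string v(rng() % 8, 'a'), back;
        for (char& c : v) c = alphabet[rng() % sizeof alphabet];
        failures += !(parse_single_literal(quote(v), back) && back == v);
    }
    return failures;
}
```

Against a live server, the same property would be checked by running `SELECT` on the formatted literal and comparing the returned bytes with the input.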