ivannovak / jpmaster77-s-Login-System-

jpmaster77's Login System v2.0.4d
http://www.evolt.org/node/60384

Critical! Internal mail system and SQL injection #8

Closed rainworm closed 13 years ago

rainworm commented 13 years ago

In this internal mail system, you are taking raw input data and inserting it into a MySQL database. You have left yourself wide open for a security issue known as SQL Injection.

I strongly advise using the MySQL function "mysql_real_escape_string".

Greetings, rainworm

ivannovak commented 13 years ago

I will heed your advice and implement this, thanks! :)

rainworm commented 13 years ago

Great to hear that. :)
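The problem raised in the first comment, as an added example that is not part of the thread or the project's code: a mail insert built by string concatenation beside the same insert with bound parameters. It uses PDO prepared statements rather than the `mysql_real_escape_string` call the comment advises, because the `mysql_*` extension was removed in PHP 7. The `mail` table, its columns, and both function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline (requires `pdo_sqlite`).

```php
<?php
// Added example. Table, columns and function names are hypothetical,
// not taken from the login system's source.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mail (id INTEGER PRIMARY KEY,
           user_to TEXT, user_from TEXT, subject TEXT, message TEXT)');

// Constructed sample input: an ordinary apostrophe is enough to show
// that the user's text is being parsed as part of the SQL statement.
$input = [
    'to'      => 'alice',
    'from'    => 'bob',
    'subject' => "Bob's question",
    'message' => "It's about the 'login' page.",
];

// Before: raw input is concatenated into the SQL text, so any quote
// in a field changes the structure of the statement.
function send_mail_concat(PDO $db, array $m): bool {
    $sql = "INSERT INTO mail (user_to, user_from, subject, message) VALUES ('"
         . $m['to'] . "', '" . $m['from'] . "', '"
         . $m['subject'] . "', '" . $m['message'] . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses as intended
    }
}

// After: the SQL text is fixed and the values travel separately as
// bound parameters, so they are never interpreted as SQL.
function send_mail_bound(PDO $db, array $m): bool {
    $stmt = $db->prepare('INSERT INTO mail (user_to, user_from, subject, message)
                          VALUES (?, ?, ?, ?)');
    return $stmt->execute([$m['to'], $m['from'], $m['subject'], $m['message']]);
}

$concatOk = send_mail_concat($db, $input);
$boundOk  = send_mail_bound($db, $input);
$stored   = $db->query('SELECT subject, message FROM mail')->fetchAll(PDO::FETCH_ASSOC);

echo 'concatenated insert succeeded: ', var_export($concatOk, true), PHP_EOL;
echo 'bound insert succeeded: ', var_export($boundOk, true), PHP_EOL;
echo 'rows stored: ', count($stored), PHP_EOL;
echo 'subject stored verbatim: ',
     var_export($stored[0]['subject'] === $input['subject'], true), PHP_EOL;
```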