search

shivaramrulz / anywhereindb

Automatically exported from code.google.com/p/anywhereindb
0 stars 0 forks source link

Security vulnerability #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
The script provides no proper handling of search strings sent directly to the 
database. If you do not run with magic_quotes on, a search string like

" UNION SELECT password FROM mysql.user; -- 

leaves you open to sql injection attacks.

Original issue reported on code.google.com by sno...@gmail.com on 2 Oct 2010 at 2:07

GoogleCodeExporter commented 9 years ago 
Thnak you.
Now, We are using "mysql_real_escape_string"

Original comment by happ...@gmail.com on 22 Dec 2010 at 4:48