29 Nov 2005 13:58
Hi all.

Would this be of relevance: from php.ini:

; Use Sybase-style magic quotes (escape ' with '' instead of \').
; Leave this OFF!
magic_quotes_sybase = OFF

HTH - KR

On Mon, 28 Nov 2005, Victor Chapela wrote:

To: 'Jason binger', webappsec@securityfocus.com
From: Victor Chapela
Subject: RE: Simple to exploit SQL Injection ?

Jason,

I agree with Rich, it seems your ' is being escaped by adding a second one. This should be interpreted by the database as a single quote within the quoted string '...'.
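
Added example, not part of the original thread: a sketch of how a database reads a doubled quote inside a string literal, next to the backslash style the php.ini comment mentions and a bound parameter. It assumes Python's built-in sqlite3 as a stand-in database with constructed rows and inputs; all function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory SQLite database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("O'Brien",), ("alice",)])
    return conn

def sybase_escape(value):
    """Double each single quote (the '' style the php.ini comment describes)."""
    return value.replace("'", "''")

def backslash_escape(value):
    """Simplified backslash style: escape backslashes, then single quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def run_concat(conn, value, escape):
    """Build the query by concatenation after applying `escape`.
    Returns matching names, or None if the database rejects the statement."""
    sql = "SELECT name FROM users WHERE name = '" + escape(value) + "'"
    try:
        return sorted(row[0] for row in conn.execute(sql))
    except sqlite3.Error:
        return None  # escaping style did not match the dialect; literal was broken

def run_bound(conn, value):
    """Same lookup with a bound parameter; no escaping step is involved."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (value,))
    return sorted(row[0] for row in cur)

if __name__ == "__main__":
    db = make_db()
    for sample in ("O'Brien", "x' OR '1'='1"):  # constructed inputs
        print(repr(sample))
        print("  doubled quotes :", run_concat(db, sample, sybase_escape))
        print("  backslash style:", run_concat(db, sample, backslash_escape))
        print("  bound parameter:", run_bound(db, sample))
```

With doubled quotes the whole input stays inside one string literal, so it is compared as data; the backslash style is rejected here because SQLite, like standard SQL, does not treat a backslash as an escape character.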