Rev CGI and SQL injection attacks

Dave Cragg dcragg at lacscentre.co.uk
Fri Dec 15 09:24:15 CST 2006


(A resend. I used the wrong address before.)

On 14 Dec 2006, at 22:53, Shao Sean wrote:

> Make sure to escape the following characters as well:
>
> NULL (ascii 0)
> \n   (newline)
> \r   (carriage return)
> \
> '
> "
> CTRL-Z
> _
> %
>
> You may also want to look at escaping [TAB] as well

Thanks for the list. I've been searching on the net too, and see a
variety of techniques mentioned. I still don't fully understand why
some characters need to be escaped if you first escape "\" and then
single quotes. Perhaps my mind isn't devious enough. :)

Cheers
Dave
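
Added example, not part of the original message or of any Rev/LiveCode code: `_` and `%` from the list quoted above are wildcards in SQL LIKE patterns, so they keep their meaning even when quotes and backslashes are handled. The sketch uses Python's sqlite3 (an assumed stand-in for the CGI's database layer) with a constructed table; all table and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("bob",), ("a_b",), ("100%",)])
    return db

def search_naive(db, term):
    # The value is bound as a parameter, so quotes and backslashes cannot
    # break out of the string. % and _ inside term are still interpreted
    # by LIKE as "any run of characters" and "any single character".
    sql = "SELECT name FROM users WHERE name LIKE ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (term + "%",))]

def escape_like(term, esc="\\"):
    # Escape the escape character first, then the two wildcards.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_literal(db, term):
    # ESCAPE tells LIKE which character marks a wildcard as literal.
    sql = "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, (escape_like(term) + "%",))]

if __name__ == "__main__":
    db = make_db()
    for term in ("a_", "%", "100%"):
        print(repr(term), "naive:", search_naive(db, term),
              "literal:", search_literal(db, term))
```

Outside LIKE patterns, a bound parameter needs no character escaping at all; the wildcard handling is only required where the value is used as a pattern.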


