Rev CGI and SQL injection attacks
Dave Cragg
dcragg at lacscentre.co.uk
Fri Dec 15 10:24:15 EST 2006
(A resend. I used the wrong address before.)
On 14 Dec 2006, at 22:53, Shao Sean wrote:
> Make sure to escape the following characters as well:
>
> NULL (ascii 0)
> \n (newline)
> \r (carriage return)
> \
> '
> "
> CTRL-Z
> _
> %
>
> You may also want to look at escaping [TAB] as well
Thanks for the list. I've been searching on the net too, and see a
variety of techniques mentioned. I still don't fully understand why
some characters need to be escaped if you first escape "\" and then
single quotes. Perhaps my mind isn't devious enough. :)
Cheers
Dave
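
The question above, why the rest of the quoted list matters once "\" and single quotes are escaped, is illustrated by this added example (it is not part of the original thread). It assumes MySQL-style backslash escapes for the string-literal case and uses SQLite with constructed rows to show that the LIKE wildcards `_` and `%` stay active even in a bound parameter; all function and table names are hypothetical.

```python
import sqlite3

# Characters from the quoted list that matter inside a quoted string literal,
# mapped to MySQL-style backslash escapes (assumed target; other engines differ).
LITERAL_ESCAPES = {
    "\\": "\\\\", "\0": "\\0", "\n": "\\n", "\r": "\\r",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}

def escape_literal(value: str) -> str:
    """Escape one character at a time, so an added backslash is never re-escaped."""
    return "".join(LITERAL_ESCAPES.get(ch, ch) for ch in value)

def escape_like(value: str, esc: str = "\\") -> str:
    """Neutralise the LIKE wildcards % and _ and the escape character itself."""
    for ch in (esc, "%", "_"):  # escape character first, then the wildcards
        value = value.replace(ch, esc + ch)
    return value

def search(conn, term: str, escape_wildcards: bool) -> list:
    """Prefix search using a bound parameter; optionally escape LIKE wildcards."""
    if escape_wildcards:
        term = escape_like(term)
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (term + "%",),
    )
    return [r[0] for r in rows]

def demo_db():
    """In-memory table with constructed sample names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("alice",), ("a_lice",), ("bob",), ("100%",)])
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(escape_literal("O'Brien\\"))
    print(search(db, "a_", escape_wildcards=False))  # "_" matches any character
    print(search(db, "a_", escape_wildcards=True))   # "_" matches only itself
```

The literal escaper is shown only to make the character list concrete; bound parameters, as used in `search`, remove the need for it, while wildcard escaping is still required for LIKE patterns.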