Rev CGI and SQL injection attacks

Dave Cragg dcragg at
Fri Dec 15 10:24:15 EST 2006

(A resend. I used the wrong address before.)

On 14 Dec 2006, at 22:53, Shao Sean wrote:

> Make sure to escape the following characters as well:
> NULL (ascii 0)
> \n   (newline)
> \r   (carriage return)
> \
> '
> "
> _
> %
> You may also want to look at escaping [TAB] as well

Thanks for the list. I've been searching on the net too, and see a  
variety of techniques mentioned. I still don't fully understand why  
some characters need to be escaped if you first escape "\" and then  
single quotes. Perhaps my mind isn't devious enough. :)
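
Added example, not part of the original message: the `_` and `%` entries in the quoted list are SQL LIKE wildcards, which stay active inside a correctly quoted or bound string. The sketch uses Python with an in-memory SQLite table (both assumptions; the thread concerns Rev CGI and does not name the database), and the table, data and function names are constructed for illustration.

```python
import sqlite3

def escape_like(term, esc="\\"):
    """Escape LIKE metacharacters in user input (hypothetical helper)."""
    # Escape the escape character first so later insertions are not doubled.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (name TEXT)")
    db.executemany(
        "INSERT INTO files VALUES (?)",
        [("a_b.txt",), ("axb.txt",), ("100%.txt",), ("1000.txt",)],
    )
    return db

def search_naive(db, term):
    # The value is bound as a parameter, so quotes cannot end the literal,
    # but % and _ inside the term are still treated as wildcards by LIKE.
    rows = db.execute(
        "SELECT name FROM files WHERE name LIKE ? ORDER BY name",
        (term + "%",),
    )
    return [r[0] for r in rows]

def search_escaped(db, term):
    # Wildcards in the term are escaped; only the trailing % is a pattern.
    rows = db.execute(
        "SELECT name FROM files WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (escape_like(term) + "%",),
    )
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    for term in ("a_b", "100%"):
        print(term, search_naive(db, term), search_escaped(db, term))
```

Quote and backslash handling protects the boundary of the string literal; the LIKE wildcards are a separate concern because they change what a well-formed pattern matches.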

