[PLUG] SQL insertion attacks

Rich Shepard rshepard at appl-ecosys.com
Wed Oct 30 19:07:06 UTC 2002


On Wed, 30 Oct 2002, Bear Giles wrote:

> This is easy to fix in most cases, e.g., if you collect information on
> a web page that will be echoed to a web page, replace ' with ' and
> " with "... and also replace <, > and & to prevent abusive HTML.

  Thanks, Bear. I understood conceptually how it might work but your
explanation was right on target.

> But many sites don't bother.

  So? What else is new? Isn't that why there are so many open relays and
other irritants on the 'Net?

Rich
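
Added example, not part of the original message or the thread's own code: the replacement Bear describes, written as a single-pass escaper for the five characters he lists, beside a sequential version whose ordering double-encodes its own output. The function names, the sample strings and the choice of `&#39;` for the apostrophe are assumptions made for illustration.

```python
# Added example: escape user-supplied text before echoing it into an HTML page.
import html

# The five characters named in the quoted advice, mapped to character references.
HTML_ENTITIES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",   # assumption: numeric reference chosen for the apostrophe
}


def escape_html(text: str) -> str:
    """Escape in one pass, so the '&' of an emitted entity is never re-escaped."""
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in text)


def escape_html_wrong_order(text: str) -> str:
    """Sequential replaces with '&' handled last: earlier entities get mangled."""
    for ch in ("<", ">", '"', "'", "&"):
        text = text.replace(ch, HTML_ENTITIES[ch])
    return text


def render_comment(author: str, body: str) -> str:
    """Echo two user-supplied fields: one in a quoted attribute, one as text."""
    return '<p title="{}">{}</p>'.format(escape_html(author), escape_html(body))


# Constructed sample inputs (not taken from the thread).
SAMPLE_AUTHOR = 'Pat "O\'Neil" & co'
SAMPLE_BODY = "1 < 2 && <b>bold</b>"

if __name__ == "__main__":
    print(render_comment(SAMPLE_AUTHOR, SAMPLE_BODY))
    # Round trip: a browser decoding the references recovers the original text.
    print(html.unescape(escape_html(SAMPLE_BODY)) == SAMPLE_BODY)
    # Ordering bug: '<' becomes '&lt;' and then '&amp;lt;'.
    print(escape_html_wrong_order("<"))
```

This covers element text and quoted attribute values only; text placed inside a script block, a URL or an SQL statement needs the escaping or parameter binding of that context instead.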




