-
minodude Commented 2 Years ago through Blogs
Netra,
Try passing in:
1 = 1' + CHAR(59) + 'DROP TABLE daily_activities'
(59 is the ASCII code for the semicolon)
This is a losing battle! There are function calls, hexadecimal literals, and a whole bunch of other things which can be done to...
|
-
minodude Commented 2 Years ago through Blogs
Netra: no, no, a thousand times no. This won't work. In fact, it's completely useless.
For example, the string "---;---" will replace to "-;-" (through the innermost replace), and then to "--" (the second one). Suddenly you have a "--" in your string...
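The replacement chain described in the comment above, next to a bound-parameter query, as an added example that is not part of the original comment or the blog's code. The filter is an assumed reconstruction from the comment's description (innermost replace strips "--", the outer one strips ";"); the SQLite schema, column names and function names are hypothetical, and the table name and input strings are the ones quoted in the comments.

```python
import sqlite3

# Input quoted in an earlier comment on this page, used here purely as data.
PAGE_INPUT = "1 = 1' + CHAR(59) + 'DROP TABLE daily_activities'"


def blacklist_filter(value: str) -> str:
    """Assumed reconstruction of the criticised filter:
    the innermost replace removes "--", the outer one removes ";"."""
    return value.replace("--", "").replace(";", "")


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE daily_activities (id INTEGER PRIMARY KEY, name TEXT)"
    )
    conn.executemany(
        "INSERT INTO daily_activities (name) VALUES (?)",
        [("run",), ("---;---",)],
    )
    return conn


def find_activity(conn: sqlite3.Connection, name: str) -> list:
    """Look up a row with a bound parameter: the value is sent to the
    engine as data and is never spliced into the SQL text, so no
    character in it needs to be stripped or escaped."""
    cur = conn.execute(
        "SELECT id FROM daily_activities WHERE name = ?", (name,)
    )
    return cur.fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The filter's own output contains the sequence it was meant to remove.
    print(repr(blacklist_filter("---;---")))
    # The unfiltered string is matched literally and finds its row.
    print(find_activity(conn, "---;---"))
    # The quoted input is just a non-matching name; the table is untouched.
    print(find_activity(conn, PAGE_INPUT))
    print(conn.execute("SELECT COUNT(*) FROM daily_activities").fetchone())
```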
|
-
minodude Commented 3 Years ago through Blogs
Please don't take this the wrong way, but this is a terrible idea and very bad security advice to be giving people.
Even your last attempt (at making sure the brackets are balanced) is completely wrong. What about text like (to modify Muhammad's comme...
|