[ic] SQL Injection?
Bob Puff
bob at nleaudio.com
Fri Sep 19 17:19:24 UTC 2014
Hi Jon,
> It is typically easy to fix in ITL code by using:
> [filter op=sql interpolate=1]...[/filter]
> or
> [PREFIX-filter sql]...[/filter]
> around the SQL, or the js filter in JavaScript code or the entities filter
> for plain HTML text.
Thanks for the reply. You are correct in that this is code from the older
demo. I don't recall there being specific SQL in the pages in question,
although I will have a closer look. What does the filter you posted above
need to wrap around? Is that a generic statement that will apply to any
field, or do I need to specifically call out a variable name?
Bob