[TYPO3-dev] Improvement against SQL injections (extension created)
Ingo Renner
typo3 at ingo-renner.com
Sun Jun 17 15:40:04 CEST 2007
ries van Twisk wrote:
Hi Ries,
> So right after the DB connection is created the SQL injection
> detection system is executed.
> Currently it will try to find typical SQL injections
> (inserts/updates/deletes)
How about SELECTs? Rupi once showed how to get BE access without needing
an insert or update IIRR...
So basically there shouldn't be any SQL in GET/POST.
Ingo