At 5:07 PM +0100 11/30/99, Matthias Urlichs wrote:
>> FA> So, by extension, i should verify first if my integers are
>> Yes. It is your responsibility to ensure your data is what you expect
>> it to be before storing it. If not, then you risk trying to store
>> certain data into a format or space that cannot store it. Don't they
>> teach these things in school anymore? ;-)
>Case in point, somebody types "0;drop table foobar;" into your nice
>"enter a serial number here" field.
I've seen this type of exploit before, but how does that actually
work in MySQL? You can only issue a single query at a time through
If you executed the query by forking off a mysql client, I can see
why that would be a problem, but that would be highly inefficient.
Paul DuBois, paul@stripped