20 Apr
2006
20 Apr
'06
5:22 a.m.
Hi!
Ah, I overread that. Yes, escaping SQL when displaying it would be wise.
Seems I missed that, too. Since when does PMA use sessions, and what are they
currently used for? Did I also miss session saving of large SQL queries when
browsing rows to get rid of the "?" editing buttons and max-GET-length exceeded
problems?
Best regards,
Garvin
--
++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in
Actually
that's not a solution to the problem. PMA needs to be fed SQL
commands, and we need to accept the via POST.
yes, but we should escape it before displaying in browser 1. We need to
utilize sessions. Only via sessions, form tokens could be
easily implemented, because a server-token needs to be compared with a
client-token.
sessions already utilized