Sebastian Mendel wrote:
Hi,
how does phpMyAdmin normally escape strings inserted in SQL queries? Or why is there no function like PMA_DBI_escapeString()?
We are not using escaping, and I don't think we should. A few months ago I had a look at our login panel and I don't think there is an injection problem there.
IMO there are two situations here.
1. If you are talking about what we do with queries coming from users, for example in sql.php, users need to be able to send any query here.
2. If you found some place where we build a query in PMA and there could be an injection problem, please tell us (not on this list :) )
Marc