[Phpmyadmin-devel] Re: phpMyAdmin 'sql_query' Cross-Site Scripting and SQL Code Execution
Michal Čihař
michal at cihar.com
Thu Apr 20 03:44:03 CEST 2006
On Thu, 20 Apr 2006 11:23:34 +0200 (CEST)
"Garvin Hicking" <phpmyadmin at supergarv.de> wrote:
> Ah, I overread that. Yes, escaping SQL when displaying it would be wise.
This is already done and works fine.
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20060420/a7ab76b9/attachment.sig>
More information about the Developers
mailing list