[Phpmyadmin-devel] Re: phpMyAdmin 'sql_query' Cross-Site Scripting and SQL Code Execution

Michal Čihař michal at cihar.com
Thu Apr 20 03:44:03 CEST 2006

On Thu, 20 Apr 2006 11:23:34 +0200 (CEST)
"Garvin Hicking" <phpmyadmin at supergarv.de> wrote:

> Ah, I overread that. Yes, escaping SQL when displaying it would be wise.

This is already done and works fine.

	Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20060420/a7ab76b9/attachment.sig>

More information about the Developers mailing list