wtf ??
ISHYB10 4 years ago
The concept is simple: programming languages use parentheses " " to distinguish a string from the rest of the code.
When a box asks you to enter a string, let it contain " so that the string is terminated and then put in some code, before beginning another string.
To get around this you should sanitise the contents of a string before passing it to SQL.
p.s. ReMOTeR, you are a coward. Use your real name in your handle.
spikedgav 4 years ago 2
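An added example, not part of the thread: the string-termination problem described in the comment above, shown next to a query that keeps user input out of the SQL text. It uses Python's `sqlite3` with bound parameters rather than hand-written sanitising, and SQL's single-quote string delimiter; the table, rows, function names and inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")],
    )
    return conn

def lookup_concat(conn, name):
    """Vulnerable: the input is pasted between the quotes of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_bound(conn, name):
    """Hardened: the input travels as a bound parameter and is never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

def demo():
    """Run both lookups on a crafted input and on a legitimate name with a quote."""
    conn = make_db()
    crafted = "nobody' OR 'a'='a"  # constructed input that closes the string early
    results = {
        "concat_crafted": lookup_concat(conn, crafted),   # condition is rewritten
        "bound_crafted": lookup_bound(conn, crafted),     # compared as plain text
        "bound_apostrophe": lookup_bound(conn, "O'Brien"),
    }
    try:
        lookup_concat(conn, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The honest name breaks the statement: same root cause, different symptom.
        results["concat_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The concatenated query fails in both directions: the crafted input changes the WHERE clause, and an ordinary name containing a quote breaks the statement, while the bound version handles both as data.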