OSEC
From: Nicolas GREGOIRE (nicolas.gregoire7THZONE.COM)
Date: Wed Feb 07 2001 - 16:13:37 CST


    "Aurobindo Sundaram (+1 512 918 1390)" wrote:
    >
    > I have to audit a bit of code that does the following
    >
    > SELECT Name FROM Users WHERE Name LIKE '%input%' ORDER BY Name

    Bad, so bad ...

    Check r.f.p.'s PacketStorm hack
    (http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=7)

    The Perl module DBI doesn't allow several queries in one line.
    So you can just insert some fields in the "where".
    But with MS-SQL, all is possible (delete table, mail results, ...)

    Nicob
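The query discussed in the thread, reproduced as an added example (not code from the original post or from either poster): the string-spliced form beside a parameterized form in which the wildcards are added on the application side and LIKE metacharacters in the input are escaped. The `Users` rows and the table layout are constructed for the demonstration; SQLite stands in for whatever database the audited code used.

```python
import sqlite3

# Constructed sample data standing in for the Users table from the post.
SAMPLE_USERS = ["alice", "bob", "carol", "dave"]


def make_db():
    """Create an in-memory Users table filled with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Name TEXT)")
    conn.executemany("INSERT INTO Users (Name) VALUES (?)",
                     [(n,) for n in SAMPLE_USERS])
    return conn


def search_vulnerable(conn, user_input):
    """The pattern from the post: user input is spliced straight into the
    SQL text, so anything the user types becomes part of the WHERE clause."""
    sql = (f"SELECT Name FROM Users WHERE Name LIKE '%{user_input}%' "
           f"ORDER BY Name")
    return [row[0] for row in conn.execute(sql)]


def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters so '%' and '_' in the input match
    literally instead of widening the search."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_parameterized(conn, user_input):
    """Hardened form: a DBI-style '?' placeholder carries the value, the
    '%' wildcards are appended by the application, and the ESCAPE clause
    tells the database which character escape_like() used."""
    pattern = "%" + escape_like(user_input) + "%"
    sql = "SELECT Name FROM Users WHERE Name LIKE ? ESCAPE '\\' ORDER BY Name"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    for probe in ["ali", "%", "' OR '1'='1"]:
        print(repr(probe), search_vulnerable(db, probe),
              search_parameterized(db, probe))
```

For an ordinary search term both functions return the same rows; for a bare `%` or a quote-carrying input the spliced query returns every row, while the parameterized query looks for that text literally and returns nothing.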