Secure Coding mailing list archives
Re: Scripting Languages and Secure Coding + code
From: Jeremy Thibeaux <jeremy.thibeaux () lucidfactory com>
Date: Fri, 05 Dec 2003 02:53:08 +0000
> Hey, if you're using SQL there, the user may just enter '%' or any other wildcard char, which makes it a lot easier.
Hmm...I thought % or other wildcards only applied when LIKE was being used. Of course, that does bring up an important point. If you are looking for an exact match, NEVER use LIKE to do the comparison.

Jeremy Thibeaux
Lucid Factory, inc.
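The LIKE-versus-equality point above, as an added example that is not part of the original message. It assumes SQLite through Python's `sqlite3` module; the `users` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?)",
                   [("alice",), ("bob",), ("a_b",)])
    return db

def find_with_like(db, name):
    # The value is a bound parameter, so this is not SQL injection, yet
    # LIKE still treats % and _ inside the value as wildcards.
    # (In SQLite, LIKE is also case-insensitive for ASCII by default.)
    cur = db.execute(
        "SELECT name FROM users WHERE name LIKE ? ORDER BY name", (name,))
    return [row[0] for row in cur]

def find_exact(db, name):
    # Equality comparison: % and _ are ordinary characters here.
    cur = db.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in cur]

def escape_like(value, esc="\\"):
    # For the cases where pattern matching is really wanted: neutralise
    # wildcards in user input. The escape character is doubled first.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def find_prefix(db, prefix):
    # Only the trailing % added here acts as a wildcard.
    cur = db.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (escape_like(prefix) + "%",))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    print("LIKE  '%'  ->", find_with_like(db, "%"))
    print("=     '%'  ->", find_exact(db, "%"))
    print("prefix 'a_' ->", find_prefix(db, "a_"))
```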