12-05-2007, 12:05 PM
#2
The Acquainted
Join Date: Nov 2007
Posts: 127
Thanks: 14
Can't they also screw up your query by using a comment, '--'? And also perhaps by using:
Code:
a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%
(taken from Wikipedia)
http://en.wikipedia.org/wiki/SQL_injection covers many ways to inject malicious code.
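An added example, not part of the original post: the string quoted above and a `--` comment are run against a query built by concatenation and against the same query with bound parameters. The schema, the column names, the `secret' --` input and the use of SQLite's `executescript()` as a stand-in for a driver that accepts several statements per call are all assumptions made for the demonstration.

```python
import sqlite3

# String quoted in the post (from Wikipedia) and a constructed '--' input.
STACKED = "a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%"
COMMENT = "secret' --"

def fresh_db():
    """Constructed sample data: table names follow the post, columns are assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT);
        CREATE TABLE data(name TEXT, private INTEGER);
        INSERT INTO users VALUES ('alice');
        INSERT INTO data VALUES ('public', 0), ('secret', 1);
    """)
    return db

def tables(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type='table'")
    return {r[0] for r in rows}

def search_concat(db, term):
    # Vulnerable: the input becomes part of the SQL text, so its quote ends the
    # literal and the ';' starts new statements. executescript() models a
    # driver that runs every ';'-separated statement it is handed.
    db.executescript("SELECT * FROM data WHERE name LIKE '%" + term + "%';")

def search_bound(db, term):
    # Hardened: the SQL text is fixed; the input is only ever a value.
    sql = "SELECT name FROM data WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

def lookup_concat(db, name):
    # Vulnerable: a '--' in the input comments out "AND private = 0".
    sql = "SELECT name FROM data WHERE name = '" + name + "' AND private = 0"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    sql = "SELECT name FROM data WHERE name = ? AND private = 0"
    return db.execute(sql, (name,)).fetchall()
```

With the concatenated versions the `users` table disappears and the private row is returned; with bound parameters both inputs are compared as plain text and match nothing.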