Wait, I was talking about a vulnerability called "SQL injection"; it's a way to introduce malicious SQL code in a human-filled form.
If you have a field that is concatenated into a SQL query, something like:
query = "SELECT * FROM USERS WHERE SP > " + sp;
If I put this in the field:
[1 select password from users --]
I can execute SQL code in your app. Even if you use a read/write connection, the code could contain some "drop table" or "drop database". Take a look at this:
RE: dPoll development updates: Result filtering and voting audits
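An added example, not part of the original comment and not dPoll's code: the concatenated query from the comment next to a validated, parameterized version, run against the same field text. The SQLite in-memory database, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Field text exactly as given in the comment above.
FIELD_FROM_COMMENT = "1 select password from users --"

def make_db():
    # Constructed sample data; only the table name and the SP column come from the comment.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, sp INTEGER, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", 500, "constructed-hash-a"), ("bob", 50, "constructed-hash-b")],
    )
    return db

def run_concatenated(db, sp):
    # Pattern from the comment: the field text becomes part of the statement,
    # so whatever the user typed is handed to the SQL parser.
    query = "SELECT * FROM USERS WHERE SP > " + sp
    try:
        return db.execute(query).fetchall()
    except sqlite3.Error as exc:
        # An error from the parser shows the field was read as SQL, not as a value.
        return str(exc)

def run_parameterized(db, sp):
    # Check the type first: this field is a number, so anything else is rejected.
    threshold = int(sp)  # raises ValueError for non-numeric text
    # Bind the value with a placeholder; it is never parsed as SQL.
    return db.execute("SELECT * FROM USERS WHERE SP > ?", (threshold,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated, '100':   ", run_concatenated(db, "100"))
    print("concatenated, comment: ", run_concatenated(db, FIELD_FROM_COMMENT))
    print("parameterized, '100':  ", run_parameterized(db, "100"))
    try:
        run_parameterized(db, FIELD_FROM_COMMENT)
    except ValueError as exc:
        print("parameterized, comment: rejected:", exc)
```
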