>>   insert into test values (0,''; DELETE FROM test; ',1);
>>  ERROR 1064: You have an error in your SQL syntax near '' at line 1

What about

insert into test values (0,'\'; DELETE FROM test; ',1);

The character ' is used to denote the beginning and the end of a
field value.  If you have this character within the value, you
will have to escape it.  It's as simple as that.

-- 
Cordially
Werner Stuerenburg            

_________________________________________________
ISIS Verlag, Teut 3, D-32683 Barntrup-Alverdissen
Tel 0(049) 5224-997 407 · Fax 0(049) 5224-997 409
http://pferdezeitung.de
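
The quoting rule described in the message above, as an added example that is not part of the original post: a simplified scanner showing where a MySQL-style string literal ends for the quoted statement and for the escaped one. The function names scan_literal and split_sql are hypothetical, and the scanner assumes MySQL's default sql_mode, in which a backslash is an escape character, and handles only a subset of the escape sequences.

```python
# Added illustration: a simplified scanner for MySQL single-quoted literals.
# Assumes the default sql_mode (backslash is an escape character).
ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0"}  # subset only

def scan_literal(sql, start):
    """Read the literal opening at sql[start]; return (value, next_index)."""
    out, i = [], start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and i + 1 < len(sql):          # \' \\ \n ... escape sequence
            out.append(ESCAPES.get(sql[i + 1], sql[i + 1]))
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":  # '' is a quote inside the value
            out.append("'")
            i += 2
        elif c == "'":                              # unescaped quote ends the value
            return "".join(out), i + 1
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")

def split_sql(sql):
    """Return (values, code, complete): the literal values, the remaining
    text with each literal replaced by '?', and whether every quote closed."""
    values, code, i = [], [], 0
    while i < len(sql):
        if sql[i] == "'":
            try:
                value, i = scan_literal(sql, i)
            except ValueError:
                return values, "".join(code), False
            values.append(value)
            code.append("?")
        else:
            code.append(sql[i])
            i += 1
    return values, "".join(code), True

# The two statements from the thread, plus the doubled-quote spelling.
UNESCAPED = "insert into test values (0,''; DELETE FROM test; ',1);"
ESCAPED = r"insert into test values (0,'\'; DELETE FROM test; ',1);"
DOUBLED = "insert into test values (0,'''; DELETE FROM test; ',1);"

if __name__ == "__main__":
    for stmt in (UNESCAPED, ESCAPED, DOUBLED):
        print(split_sql(stmt))
```

In the unescaped statement the value ends at the second quote, the rest is read as SQL text, and the final quote opens a literal that never closes; in the escaped and doubled forms the whole string stays one value.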



-- 
PHP General Mailing List (http://www.php.net/)