Sorry guys, forwarded the wrong email in my last post re SQL injection - here's the correct one.
---------- Forwarded message ---------- From: <rqcc-dae...@var.on-rev.com> Date: Thu, Jan 5, 2012 at 4:31 AM Subject: [Bug 9932] expose mysql_real_escape_string() function To: p...@mollysrevenge.com http://quality.runrev.com/show_bug.cgi?id=9932 michael.mccre...@runrev.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 ------- Comment #1 from michael.mccre...@runrev.com 2012-01-05 06:31 ------- Hi Andre Thanks very much for the report. I'm changing this to a an enhancement request. The function mysql_real_escape_string (and its equivalents for the other database types) is called internally by revDB when passing data using variable lists (for an example, see the dictionary entry for revQueryDatabase). This is the preferred method for escaping data. Warm Regards Michael -- Configure bugmail: http://quality.runrev.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are a voter for the bug, or are watching someone who is. -- Pete Molly's Revenge <http://www.mollysrevenge.com> _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
