svn: r13421
This commit is contained in:
Jay McCarthy 2009-02-04 19:36:31 +00:00
parent 7edf96de7a
commit 61419caf8b

@ -1038,7 +1038,7 @@ We used @scheme[blog-insert-post!] and @scheme[post-insert-comment!] to initiali
@centerline{------------}
A user could submit a post with a title like, @scheme{null', 'null') and INSERT INTO accounts (username, password) VALUES ('ur','hacked} and get our simple @scheme[sqlite:insert] to make two INSERTs instead of one.
A user could submit a post with a title like, @scheme["null', 'null') and INSERT INTO accounts (username, password) VALUES ('ur','hacked"] and get our simple @scheme[sqlite:insert] to make two INSERTs instead of one.
This is called an SQL injection attack. It can be resolved by using
prepared statements that let SQLite do the proper quoting for us. Refer
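Review bot: the replacement sentence ("A user could submit a post with a title like, @scheme["null', 'null') and INSERT INTO accounts ... ('ur','hacked"]") is the right fix for a typesetting problem, not a change to the attack: `@scheme{...}` hands the brace body to `scheme` to be read as Scheme code, and the payload is not readable Scheme (a stray `'` prefix and unbalanced parentheses), so the docs build would choke or render the example mangled; quoting it as a string literal inside `@scheme[...]` typesets it verbatim. One thing to check before merging: the payload currently contains only single quotes, so no `\"` escaping is needed, but if the example is ever extended with a double quote (for instance to show a second quoting style) it will need escaping inside the string literal. The surrounding prose ("make two INSERTs instead of one", "resolved by using prepared statements") still matches the example, so no further wording change is needed in this hunk.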