Conversation

Notices

  1. Some developers are so afraid of # #, that they do interesting solutions. I tried to search for 'selection' but the search always turns out only for 'ion'. Also, if looking for deletion or insertion, the search also turns out only for 'ion'. So they're stripping the SQL commands from user input which they're so afraid of. Interesting way to deal with the issue. But doing that basically introduced usability issues which can be counted as a bug. High five for your security team. This also reminds me of services which strip all ' from strings, just to be sure. They're not stripping drop or create table commands, interesting logic there. Probably the user account doesn't have rights to drop or create tables, because those aren't being filtered.

    Sunday, 24-Jul-16 13:13:14 UTC from loadaverage.org
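
An added example, not part of the notice above and not the site's own code: a constructed keyword-stripping filter that reproduces the 'selection' to 'ion' result, next to a parameterized query that needs no filter at all. The pattern, table name and sample rows are assumptions made up for this illustration.

```python
import re
import sqlite3

# Constructed pattern (assumption): chosen only to reproduce the three
# results reported in the notice; the real site's filter is unknown.
STRIPPED = re.compile(r"select|delete?|insert", re.IGNORECASE)

def strip_keywords(term):
    """Blacklist approach: cut SQL keywords out of the search term."""
    return STRIPPED.sub("", term)

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notices (body TEXT)")
    db.executemany("INSERT INTO notices VALUES (?)", [
        ("text selection in the editor",),
        ("account deletion request",),
        ("row insertion order",),
        ("O'Brien's motion to adjourn",),
    ])
    return db

def search_stripped(db, term):
    """Filter the term, then build the SQL by string concatenation."""
    sql = ("SELECT body FROM notices WHERE body LIKE '%"
           + strip_keywords(term) + "%'")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    """Bind the term as a parameter; it is data and is never parsed as SQL."""
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT body FROM notices WHERE body LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, (f"%{esc}%",))]

if __name__ == "__main__":
    db = make_db()
    for word in ("selection", "deletion", "insertion"):
        print(word, "->", repr(strip_keywords(word)))
    print(len(search_stripped(db, "selection")), "rows from stripped search")
    print(search_bound(db, "selection"))
    try:
        search_stripped(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("quote still breaks the concatenated query:", exc)
    print(search_bound(db, "O'Brien"))
```

The stripped search for 'selection' matches every row containing 'ion', and an ordinary apostrophe still breaks the concatenated statement, so the filter costs usability without making the query construction safe.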