Re: help on gtk with mysql.



How about something like:

char *sql = g_strdup_printf ("INSERT INTO test(id) VALUES('%s')", p);
doSQL (sql);
g_free (sql);

You also want to check that the user entry is valid and doesn't
contain things like quotes. Otherwise some joker could enter something
like:

'); update person set salary=100000 where id=1234; insert into test(id) values('a

into your entry box and whoopee, hack your database.

--tml



