[aprssig] APRS IS streams and MySQL
Jordan Hayes KG6UAE
kg6uae at arrl.net
Sat Sep 12 12:24:44 EDT 2009
> "given input from an outside source" where else does it come from ?
For instance, if you have a database that you maintain and you want to
query it as part of your application, you might do something like this
(I'll use PHP but the idea is similar in other language bindings):
$q = "SELECT * from Table where Col LIKE 'A%'";
There's no chance that *your own code* would be exploited, so you don't
*have* to use a PreparedStatement. But if you're, say, writing a web
application, you might be tempted to do this:
$q = "SELECT * from Table where Col LIKE '" . $_REQUEST['col'] . "%'";
More details here: http://en.wikipedia.org/wiki/SQL_injection
/jordan
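An added example, not from Jordan's post, showing the two query shapes side by side; it is written in Python against an in-memory SQLite table since, as the post says, the idea carries across language bindings. The Stations table, its rows and the hostile input are constructed here, and the example also goes one step past the post by escaping LIKE's own wildcards, which a parameter alone does not neutralise.

```python
import sqlite3

# Constructed sample table standing in for the station data an
# APRS-IS-fed application might keep (hypothetical schema).
SAMPLE_ROWS = [("KG6UAE", "Oakland"), ("N0CALL", "Nowhere"), ("W1AW", "Newington")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Stations (callsign TEXT, qth TEXT)")
    conn.executemany("INSERT INTO Stations VALUES (?, ?)", SAMPLE_ROWS)
    return conn

def query_concat(conn, prefix):
    # The tempting pattern from the post: the request value is pasted
    # straight into the SQL text, so quotes inside it become SQL syntax.
    q = "SELECT callsign FROM Stations WHERE callsign LIKE '" + prefix + "%'"
    return [row[0] for row in conn.execute(q)]

def escape_like(s, esc="\\"):
    # LIKE has its own wildcards: a parameter stops injection, but a
    # user-supplied '%' or '_' would still widen the match unless escaped.
    return s.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def query_param(conn, prefix):
    # Parameterized form: the driver sends the value separately from the
    # SQL text, so it can only ever be compared as data, never parsed.
    q = "SELECT callsign FROM Stations WHERE callsign LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(q, (escape_like(prefix) + "%",))]

if __name__ == "__main__":
    conn = make_db()
    print(query_concat(conn, "K"))  # ['KG6UAE']
    print(query_param(conn, "K"))   # ['KG6UAE']
    hostile = "' OR '%'='"          # constructed hostile request value
    print(query_concat(conn, hostile))  # every row: the quote rewrote the WHERE clause
    print(query_param(conn, hostile))   # []: compared literally, matches no callsign
    print(query_concat(conn, "_"))  # every row: '_' acts as a wildcard
    print(query_param(conn, "_"))   # []: escaped, so it means a literal underscore
```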