| http://www.w3.org/ns/prov#value | - For example, a pseudo-query like this would be insecure: SELECT lolcats FROM hats WHERE (id=$USERINPUT); This is because the value is interpolated into a numeric context with no quotes around it, so even if every ' is escaped with a backslash, the attacker can simply close the parenthesis and inject his own code, like this: ) UNION SELECT 0x41414141 FROM blah and so forth. There are a lot of tricks, and a good book to read besides numerous articles you can find on Google by searching
|
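The following is an added example, not code from the original page. It reproduces the point above with SQLite: the `hats`/`lolcats` names come from the page, while the `secrets` table, its `token` column, the sample rows and the `addslashes`-style helper are constructed here for illustration. It shows that quote escaping does nothing for an unquoted numeric context, that the `) UNION SELECT` payload returns rows from another table, and that binding the value as a parameter (or validating it as an integer) closes the hole.

```python
import sqlite3


def addslashes(s: str) -> str:
    """Mimic PHP-style addslashes(): escape quotes and backslashes only.
    This is the kind of 'protection' the text says is insufficient here."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database: a public table and a table the
    application never meant to expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE hats (id INTEGER PRIMARY KEY, lolcats TEXT);
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT);
        INSERT INTO hats VALUES (1, 'ceiling cat'), (2, 'basement cat');
        INSERT INTO secrets VALUES (1, 'S3CR3T-TOKEN');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_input: str) -> list:
    """The page's pattern: SELECT lolcats FROM hats WHERE (id=$USERINPUT).
    Quotes are escaped, but the value sits unquoted inside the parentheses,
    so a payload without any quote character passes straight through."""
    escaped = addslashes(user_input)
    sql = "SELECT lolcats FROM hats WHERE (id=%s)" % escaped
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, user_input: str) -> list:
    """Fix 1: bind the value. The driver sends it as data, never as SQL,
    so ') UNION SELECT ...' is just a string that matches no id."""
    rows = conn.execute("SELECT lolcats FROM hats WHERE (id=?)", (user_input,))
    return [row[0] for row in rows]


def lookup_validated(conn: sqlite3.Connection, user_input: str) -> list:
    """Fix 2 (belt and braces): a numeric id must be an integer, so reject
    anything else before it gets near the query, then still bind it."""
    try:
        hat_id = int(user_input)
    except ValueError:
        return []
    rows = conn.execute("SELECT lolcats FROM hats WHERE (id=?)", (hat_id,))
    return [row[0] for row in rows]


# Constructed attacker input: close the parenthesis, then UNION in the
# other table. It contains no quote, so addslashes() leaves it untouched.
PAYLOAD = "0) UNION SELECT token FROM secrets WHERE (1=1"


if __name__ == "__main__":
    db = make_db()
    print("normal:        ", lookup_vulnerable(db, "1"))
    print("injected:      ", lookup_vulnerable(db, PAYLOAD))
    print("parameterized: ", lookup_parameterized(db, PAYLOAD))
    print("validated:     ", lookup_validated(db, PAYLOAD))
```

The resulting vulnerable statement is `SELECT lolcats FROM hats WHERE (id=0) UNION SELECT token FROM secrets WHERE (1=1)`, which is exactly the shape the text describes: the attacker supplies the closing `)` and then whatever follows. The parameterized version compares the integer column against the whole payload as a text value and returns nothing.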