Hi all,
I have a form which uses 2 parameters: id and hash. Together they identify a unique record.
myform.php?id='' OR '1=1' is properly escaped to (id = '' OR '1=1')
myform.php?hash='' OR '1=1' is not escaped by default. I get (hash = '' OR '1=1'), so one can get to the form data by using the id only using this simple SQL injection…
I have to escape this myself using [hash] = sc_sql_injection($_GET['hash']);
Shouldn’t this be default behavior?
Thanks,
Bert
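
The two-parameter lookup from the post above, as an added example that is not part of Bert's post and not Scriptcase's own code: the first function escapes `id` but concatenates `hash`, the second validates both values and binds them with PDO prepared statements (a different technique from the `sc_sql_injection` macro). The table `form_records`, the function names, the 12-character hex hash format and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. All names and sample data here are hypothetical/constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE form_records (id INTEGER PRIMARY KEY, hash TEXT NOT NULL, data TEXT)");
// Constructed sample row standing in for one form record.
$db->exec("INSERT INTO form_records VALUES (42, '9f2c4e1ab07d', 'private form data')");

// Before: id is escaped, hash is placed into the SQL text exactly as received.
function lookupConcatenated(PDO $db, string $id, string $hash): array
{
    $sql = "SELECT data FROM form_records WHERE id = " . $db->quote($id)
         . " AND hash = '" . $hash . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: both values are checked for shape, then bound as parameters,
// so neither one can change the structure of the WHERE clause.
function lookupBound(PDO $db, string $id, string $hash): array
{
    // Assumed formats: numeric id, 12 lowercase hex characters for the hash.
    if (!ctype_digit($id) || !preg_match('/^[0-9a-f]{12}$/', $hash)) {
        return [];
    }
    $stmt = $db->prepare("SELECT data FROM form_records WHERE id = :id AND hash = :hash");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->bindValue(':hash', $hash, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare both functions on the value from the post and on the real hash.
$fromPost  = "' OR '1=1";
$realHash  = '9f2c4e1ab07d';
foreach (['lookupConcatenated', 'lookupBound'] as $fn) {
    printf(
        "%s: value from post -> %d row(s), real hash -> %d row(s)\n",
        $fn,
        count($fn($db, '42', $fromPost)),
        count($fn($db, '42', $realHash))
    );
}
```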