by ronaldx
4687 days ago
Agreed! In general this is a problem of defining and abiding by valid inputs and valid outputs of a system. SQL statements (unparameterized) have a poor distinction between what is an element of the SQL language and what is permitted data input: where that boundary can be crossed, injection attacks become possible.
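The language/data boundary described in the comment above, as an added example that is not part of the original thread: the same three inputs are run through a string-built query and a parameterized one using Python's `sqlite3`. The table, the function names and the sample inputs are constructed for this illustration.

```python
import sqlite3

REJECTED = "rejected by SQL parser"

def make_db():
    # Constructed sample data, held in memory only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return conn

def find_unparameterized(conn, name):
    # The input is spliced into the statement text, so the SQL parser
    # decides which of its characters are data and which are language.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_parameterized(conn, name):
    # The statement text is fixed; the value travels separately and is
    # bound as one string, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name):
    """Return (unparameterized result, parameterized result) for one input."""
    conn = make_db()
    try:
        spliced = find_unparameterized(conn, name)
    except sqlite3.OperationalError:
        # The quote in the data ended the string literal early and the
        # remainder did not parse as SQL.
        spliced = REJECTED
    bound = find_parameterized(conn, name)
    conn.close()
    return spliced, bound

if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name containing a
    # quote, and a value whose quote turns data into a boolean expression.
    for value in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(value), "->", compare(value))
```

The second input shows that the boundary problem is not limited to hostile input: a legitimate name containing a quote breaks the string-built query, while the parameterized one finds the row.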