[Xerte-dev] Re: Weird
Smith, John
J.J.Smith at gcu.ac.uk
Fri Jan 25 19:20:12 GMT 2013
Is that best practice or even desirable? Surely if we cleanse the data, are checking for undesirable characters and escape quotes etc., then 'reserved' names would be usable as in other systems?
You can't inject a drop table command without taking advantage of poor input cleansing...
Regards
John Smith
Learning Technologist
School of Health and Life Sciences
Sent from Samsung Galaxy SII
Dave Burnett <d_b_burnett at hotmail.com> wrote:
To avoid SQL injection like DROP TABLE some db's say "No Thanks"
??
________________________________
From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Fri, 25 Jan 2013 15:32:21 +0000
Subject: [Xerte-dev] Weird
Why can’t I create a project called ‘drop’?
I can create projects called:
d
r
o
p
dr
ro
op
dro
rop
but not ‘drop’.
“Sorry that is not a valid name. Please use only letters and numbers”
WTF?
_______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
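As an added example (not part of the original thread and not Xerte's code): the Python sketch below contrasts a hypothetical keyword blacklist, which rejects 'drop' while accepting 'dro' and 'rop', with a letters-and-numbers allowlist and a parameterized query that stores any name as data. The table name, keyword set and function names are assumptions made for illustration.

```python
import re
import sqlite3

# Hypothetical keyword blacklist: an assumption about the kind of check that
# would produce the behaviour reported in the thread, not Xerte's actual code.
SQL_KEYWORDS = {"drop", "select", "insert", "update", "delete"}

def blacklist_valid(name: str) -> bool:
    """Keyword-based check: rejects harmless names that equal an SQL keyword."""
    return name.isalnum() and name.lower() not in SQL_KEYWORDS

def allowlist_valid(name: str) -> bool:
    """Character allowlist matching the error text: letters and numbers only."""
    return re.fullmatch(r"[A-Za-z0-9]+", name) is not None

def create_project(conn: sqlite3.Connection, name: str) -> None:
    """Bound parameter: the name is sent as data and never parsed as SQL."""
    conn.execute("INSERT INTO projects (name) VALUES (?)", (name,))

def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT)")
    # Constructed sample names: ones from the thread plus one containing
    # quote characters and SQL text, stored here without any name validation.
    names = ["d", "dro", "rop", "drop", "x'); DROP TABLE projects; --"]
    for n in names:
        create_project(conn, n)
    stored = [r[0] for r in conn.execute("SELECT name FROM projects ORDER BY id")]
    conn.close()
    return {
        "blacklist": {n: blacklist_valid(n) for n in names},
        "allowlist": {n: allowlist_valid(n) for n in names},
        "stored": stored,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With bound parameters every name comes back from the table unchanged, so the keyword check adds no protection and only blocks a legitimate project name.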