[Xerte-dev] Re: Weird

Pat @ Pgogy xerte at pgogywebstuff.com
Fri Jan 25 19:55:44 GMT 2013


In theory you can't use drop as the MySQL user account is supposed to be select, insert, update and delete only.

That file is 4 years old.

I wrote it to stop things in a blunt way; finesse is welcomed.

Pgogy Webstuff - http://www.pgogywebstuff.com
Makers of web things of a fair to middling quality

On 25 Jan 2013, at 19:20, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:

> Is that best practice or even desirable? Surely if we cleanse the data, are checking for undesirable characters and escape quotes etc. then 'reserved' names would be usable as in other systems?
> 
> You can't inject a drop table command without taking advantage of poor input cleansing...
> 
> Regards
> 
> John Smith
> Learning Technologist
> School of Health and Life Sciences
> 
> 
> 
> Dave Burnett <d_b_burnett at hotmail.com> wrote:
> 
> 
> 
> 
> To avoid SQL injection like DROP TABLE, some DBs say "No Thanks"
> 
> ??
> 
> 
> ________________________________
> From: Julian.Tenney at nottingham.ac.uk
> To: xerte-dev at lists.nottingham.ac.uk
> Date: Fri, 25 Jan 2013 15:32:21 +0000
> Subject: [Xerte-dev] Weird
> 
> 
> Why can’t I create a project called ‘drop’?
> 
> 
> 
> I can create projects called:
> 
> d
> 
> r
> 
> o
> 
> p
> 
> dr
> 
> ro
> 
> op
> 
> dro
> 
> rop
> 
> 
> 
> but not ‘drop’.
> 
> “Sorry that is not a valid name. Please use only letters and numbers”
> 
> 
> 
> WTF?
> 
> 
> 
> 
> 
> 
> _______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
> 
> 
> 
> 
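Added example, not part of the original thread and not Xerte's code: a sketch contrasting the blunt keyword filter discussed above with a parameterized insert running under a DML-only database identity. It uses SQLite, whose authorizer callback stands in here for the MySQL account limited to select, insert, update and delete; the names `blunt_name_check`, `BLOCKED`, `dml_only` and the `projects` table are hypothetical.

```python
import re
import sqlite3

# Hypothetical reconstruction of a blunt filter: letters and digits only,
# and the whole name must not be an SQL keyword (assumed keyword list).
BLOCKED = {"drop", "select", "insert", "update", "delete"}

def blunt_name_check(name):
    return bool(re.fullmatch(r"[A-Za-z0-9]+", name)) and name.lower() not in BLOCKED

# Stand-in for an account granted SELECT, INSERT, UPDATE and DELETE only.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT,
           sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE, sqlite3.SQLITE_TRANSACTION}

def dml_only(action, arg1, arg2, dbname, source):
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY

def open_db():
    conn = sqlite3.connect(":memory:")
    # Schema is created before privileges are restricted, as an admin would.
    conn.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT)")
    conn.commit()
    conn.set_authorizer(dml_only)
    return conn

def create_project(conn, name):
    # The name travels as a bound parameter, so it is never parsed as SQL.
    conn.execute("INSERT INTO projects (name) VALUES (?)", (name,))
    conn.commit()

def project_names(conn):
    return [row[0] for row in conn.execute("SELECT name FROM projects ORDER BY id")]

def try_drop(conn):
    # Even a direct DROP fails for the restricted identity.
    try:
        conn.execute("DROP TABLE projects")
        return True
    except sqlite3.DatabaseError:
        return False

if __name__ == "__main__":
    conn = open_db()
    # Constructed sample names: a keyword, and a string shaped like an injection.
    for name in ["drop", "x'); DROP TABLE projects; --"]:
        print(repr(name), "passes blunt filter:", blunt_name_check(name))
        create_project(conn, name)
    print("stored:", project_names(conn))
    print("DROP TABLE allowed:", try_drop(conn))
```
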


