[Xerte-dev] Re: Weird
David Goodwin
david at palepurple.co.uk
Fri Jan 25 22:16:27 GMT 2013
On 25 Jan 2013, at 15:48, xerte at pgogywebstuff.com wrote:
> Have replied to this once already - am confused
>
> The javascript blocks the word drop from things to stop SQL stuff
>
> It has always been that way
>
I've edited website_code/scripts/validation.js to remove the drop/truncate/insert stuff..... logic in JS does not stop SQL injection attacks.
David.
Pale Purple Ltd. (Company No: 5580814)
'Business Web Application Development and Training in PHP'
http://www.palepurple.co.uk
Office: 0845 0046746 Mobile: 07792380669
Follow us on Twitter: @PalePurpleLtd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130125/b39c8c15/attachment.html>
More information about the Xerte-dev
mailing list