[VIM] Dragonfly Commerce disputes reports

Steven M. Christey coley at linus.mitre.org
Mon Jul 18 02:06:56 EDT 2005

On Sun, 17 Jul 2005, security curmudgeon wrote:

> I really hate these types of disputes.

Yes, the only way to really deal with them is to verify ourselves.

Whichever side is true, I suspect that in general we'll see a lot of these
"invalid input" SQL problems being labeled as SQL injection.  Only makes
sense for a SQL query to barf if it's given a non-numeric argument for a
numeric field, and quoting the input might stop injection but it won't
stop the query from failing.

- Steve
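
An added illustration, not part of the original message: a Python/sqlite3 sketch of why a query error on non-numeric input does not by itself establish SQL injection. The `cart` table, the handler names and the `CHECK` constraint (standing in for a DBMS that strictly types numeric columns) are assumptions made for this example.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    # Assumption: the CHECK stands in for a DBMS that strictly types numeric columns.
    db.execute("CREATE TABLE cart (id INTEGER PRIMARY KEY, "
               "qty INTEGER CHECK (typeof(qty) = 'integer'))")
    db.execute("INSERT INTO cart VALUES (1, 1)")  # constructed sample row
    return db

def set_qty_concat(db, value):
    # Input spliced into the statement text: it is parsed as SQL.
    db.execute(f"UPDATE cart SET qty = {value} WHERE id = 1")

def set_qty_bound(db, value):
    # Input bound as data: never parsed as SQL, but not validated either.
    db.execute("UPDATE cart SET qty = ? WHERE id = 1", (value,))

def set_qty_validated(db, value):
    # Input checked as an integer before it reaches the database.
    db.execute("UPDATE cart SET qty = ? WHERE id = 1", (int(value),))

def probe(handler, value):
    """Return (status, stored qty) after one call on a fresh database."""
    db = make_db()
    try:
        handler(db, value)
        status = "ok"
    except sqlite3.Error:
        status = "db_error"      # the query failed inside the database
    except ValueError:
        status = "rejected"      # the application refused the input
    qty = db.execute("SELECT qty FROM cart WHERE id = 1").fetchone()[0]
    db.close()
    return status, qty

if __name__ == "__main__":
    for handler in (set_qty_concat, set_qty_bound, set_qty_validated):
        for value in ("abc", "qty + 1"):
            print(handler.__name__, repr(value), probe(handler, value))
```

Both the concatenating and the bound handler produce a database error for `abc`, so the error alone says nothing about injection. Only the concatenating handler evaluates `qty + 1` as SQL, and only the validating handler avoids the failed query.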

