[VIM] Dragonfly Commerce disputes reports
Steven M. Christey
coley at linus.mitre.org
Mon Jul 18 02:06:56 EDT 2005
On Sun, 17 Jul 2005, security curmudgeon wrote:
> I really hate these types of disputes.
Yes, the only way to really deal with them is to verify ourselves.
Whichever side is true, I suspect that in general we'll see a lot of these
"invalid input" SQL problems being labeled as SQL injection. Only makes
sense for a SQL query to barf if it's given an non-numeric argument for a
numeric field, and quoting the input might stop injection but it won't
stop the query from failing.
More information about the VIM