| Subject | Re: [firebird-support] UUID (CHAR(16) OCTETS) in conditional expression |
|---|---|
| Author | Zoltán Török |
| Post date | 2009-03-31T16:58:33Z |
Dimitry,
May I get some explanation ?
Is this some kind of security vulnerability?
I'm using these procedures in SELECT ... FROM <procedure_name> constructs.
2009/3/31 Dimitry Sibiryakov <sd@...>
May I get some explanation ?
Is this some kind of security vulnerability?
I'm using these procedures in SELECT ... FROM <procedure_name> constructs.
2009/3/31 Dimitry Sibiryakov <sd@...>
> > If the V_PARENT contains any kind of ' or " (string quote char) the[Non-text portions of this message have been removed]
> > procedure stops with:
>
> Don't you use EXECUTE STATEMENT?.. Stop it.
>
> SY, SD.
>
>
> ------------------------------------
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Visit http://www.firebirdsql.org and click the Resources item
> on the main (top) menu. Try Knowledgebase and FAQ links !
>
> Also search the knowledgebases at http://www.ibphoenix.com
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Yahoo! Groups Links
>
>
>
>