sql injection | ww.wp.xz.cn

badgerhill
(@badgerhill)

12 years, 2 months ago

joshua,

i like the plugin, however it seems to be prone to sql injection.
there are easy ways to prevent this – like
http://at1.php.net/pdo.prepared-statements

or at least
using mysql_real_escape_string

you get a chance to update your plugin?

thanks

https://ww.wp.xz.cn/plugins/external-db-auth-reloaded/

Viewing 1 replies (of 1 total)

anttiai
(@anttiai)

12 years ago

Hello,

I’m curious of how this is actually SQL injectable. I tried few against my wordpress and none of those worked. I have a testing server going to production and would really like to test this before.

Viewing 1 replies (of 1 total)

The topic ‘sql injection’ is closed to new replies.

1 reply
2 participants
Last reply from: anttiai
Last activity: 12 years ago
Status: not resolved