Why you should not accept data from users into a DB without checking it.
Exhibit A: "select manufacturer"
<OPTION value="FUJITSO">FUJITSO</OPTION>
<OPTION value="FUJITSU">FUJITSU</OPTION>
<OPTION value="FUJITSU SIEMENS">FUJITSU SIEMENS</OPTION>
<OPTION value="FUJITSU-SIEMEN">FUJITSU-SIEMEN</OPTION>
<OPTION value="FUJITSU-SIEMENES">FUJITSU-SIEMENES</OPTION>
<OPTION value="FUJITSU-SIEMENS">FUJITSU-SIEMENS</OPTION>
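One way to do the checking the exhibit calls for, as an added example that is not code from the original post: normalize the submitted manufacturer, accept it only if it matches a reference list, hand near misses back to the user as a suggestion, and let a foreign key refuse anything that bypasses the application check. The canonical spellings, the 0.8 similarity cutoff, and all table and function names are assumptions.

```python
import difflib
import re
import sqlite3

# Assumed canonical spellings; the post does not say which variant is correct.
CANONICAL = ["FUJITSU", "FUJITSU SIEMENS"]


def normalize(raw):
    """Upper-case, turn hyphens/underscores into spaces, collapse whitespace."""
    return re.sub(r"[\s\-_]+", " ", raw).strip().upper()


def check_manufacturer(raw):
    """Return (canonical_name, None) on an exact match after normalization,
    (None, suggestion) for a near miss, or (None, None) when nothing is close."""
    value = normalize(raw)
    if value in CANONICAL:
        return value, None
    close = difflib.get_close_matches(value, CANONICAL, n=1, cutoff=0.8)
    return None, (close[0] if close else None)


def build_db():
    """In-memory schema where the database itself refuses unknown manufacturers."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves enforcement off by default
    db.execute("CREATE TABLE manufacturer (name TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE device (id INTEGER PRIMARY KEY, "
               "manufacturer TEXT NOT NULL REFERENCES manufacturer(name))")
    db.executemany("INSERT INTO manufacturer VALUES (?)", [(n,) for n in CANONICAL])
    return db


def add_device(db, raw_manufacturer):
    """Insert only canonical values; near misses are rejected with a suggestion."""
    name, suggestion = check_manufacturer(raw_manufacturer)
    if name is None:
        hint = f"; did you mean {suggestion!r}?" if suggestion else ""
        raise ValueError(f"unknown manufacturer {raw_manufacturer!r}{hint}")
    db.execute("INSERT INTO device (manufacturer) VALUES (?)", (name,))


def distinct_manufacturers(db):
    """The values a 'select manufacturer' dropdown would be built from."""
    rows = db.execute("SELECT DISTINCT manufacturer FROM device ORDER BY 1")
    return [r[0] for r in rows]
```

Fed the six values from the exhibit, three are accepted and three are rejected with a suggestion, so the dropdown ends up with two entries instead of six.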