$name = $_GET['name']
Select * from table where name = '{$name}'
Is there any way to exploit this kind of code,
considering that it is part of a wordpress app (which mean quotes are being escaped)
so stuff like this will not wok - Page.php?name='; drop table table;
(php and mysql)
I read about a vulnerability only on GBK charset - let say it uses a different charset.
Does it mean that it is completely safe - can any one exploit it?
Select * from table where name = '{$name}'
Is there any way to exploit this kind of code,
considering that it is part of a wordpress app (which mean quotes are being escaped)
so stuff like this will not wok - Page.php?name='; drop table table;
(php and mysql)
I read about a vulnerability only on GBK charset - let say it uses a different charset.
Does it mean that it is completely safe - can any one exploit it?