Issue metadata
Sign in to add a comment
|
sql injection problem
Reported by
amithac...@gmail.com,
Jan 5 2017
|
||||||||||||||||||||
Issue descriptionChrome Version : Version 55.0.2883.87 m (64-bit) URL : http://www.w3schools.com/sql/trysql.asp?filename=trysql_select_all Behavior in Safari 4.x/5.x: working well Behavior in Firefox 3.x/4.x: working well Behavior in explorer : working well sql injection problem What steps will reproduce the problem? (1)entering the website (2) input "SELECT UCASE(ContactName) FROM [Customers]" (3)press 'run SQL' (4) 'Error1: could not prepare statement (1no such function: Ucase)' appear same think about input ' SELECT LEN (customername) FROM customers' only if you change the 'LEN' to 'LENGTH' it seems like SQL problem in chrome is causing it |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ajha@chromium.org
, Jan 6 2017Status: Duplicate (was: Unconfirmed)