01-02-2013, 07:06 PM
#3
Village Genius
You are inserting stuff into your database without escaping it, making it vulnerable to SQL injection. Things like the file name are passed along like any other input string would be, so an attacker could easily exploit that.

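Added example, not part of the original post or the code it reviews: an upload file name concatenated into an INSERT next to the same INSERT with bound parameters. Python, sqlite3, the `uploads` table and its columns are assumptions, since the thread's own language and schema are not shown here; the file names are constructed.

```python
import sqlite3

def make_db():
    # Hypothetical schema: one row per uploaded file.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE uploads (filename TEXT, owner TEXT)")
    return db

def insert_unescaped(db, filename, owner):
    # Pattern the post warns about: the client-supplied file name
    # becomes part of the SQL text itself.
    sql = ("INSERT INTO uploads (filename, owner) "
           "VALUES ('%s', '%s')" % (filename, owner))
    db.execute(sql)

def insert_parameterized(db, filename, owner):
    # Fix: the SQL text is constant; values travel separately as data.
    db.execute("INSERT INTO uploads (filename, owner) VALUES (?, ?)",
               (filename, owner))

def try_insert(insert, filename, owner="alice"):
    """Run one insert on a fresh database and return the stored rows,
    or the string 'OperationalError' if the statement failed to parse."""
    db = make_db()
    try:
        insert(db, filename, owner)
    except sqlite3.OperationalError:
        return "OperationalError"
    return db.execute("SELECT filename, owner FROM uploads").fetchall()

# Constructed file names, as a client could send them with an upload.
APOSTROPHE_NAME = "o'brien.jpg"          # innocent, but contains a quote
CRAFTED_NAME = "a.jpg', 'admin') --"     # closes the string, sets owner

if __name__ == "__main__":
    for name in (APOSTROPHE_NAME, CRAFTED_NAME):
        print(repr(name))
        print("  unescaped:    ", try_insert(insert_unescaped, name))
        print("  parameterized:", try_insert(insert_parameterized, name))
```

With concatenation, the innocent name breaks the statement and the crafted one decides the `owner` column; with bound parameters both are stored verbatim under the real owner.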