mimochodem na Oracle existuje uzasne SQL Injection pres defalutni string casu:
SELECT * FROM tbl where datum>sysdate-1
and
ALTER SESSION SET NLS_DATE_FORMAT="'10-10-99'; TRUNCATE TABLE USERS;";
mimochodem na Oracle existuje uzasne SQL Injection pres defalutni string casu:
SELECT * FROM tbl where datum>sysdate-1
and
ALTER SESSION SET NLS_DATE_FORMAT="'10-10-99'; TRUNCATE TABLE USERS;";