Posted by John O Brien, Chicken Feed at cache-mtc-ag05.proxy.aol.com on January 20, 2004 at 06:53:39:
There is a small error in the webforum script, I posted about this a few months ago but it was never fixed.
dberror: You have an error in your SQL syntax near 'test' OR email = 'test'test' ' at line 3
sql:
SELECT user_key
FROM User
WHERE username = 'test'test'
OR email = 'test'test'
I suggest serious error checking on this. The webforum could be compromised and the last thing you want is little wannabe hax0rs defacing the webforum with "Kevin Smith sucks balls".
Just a heads up (for the second time..)