PostgreSQL web form; Security




Hi,

We are developing a web page: PHP & PostgreSQL. We can transform the below (a) 
query to get the (b) query, if we add,
 "01001'); DELETE * FROM tbHosp; INSERT INTO tbRev (Id) VALUES ('01001"
, as the value of Id in the web form.

(a) INSERT INTO tbRev (Id) VALUES ('01001');

(b) INSERT INTO tbRev (Id) VALUES ('01001'); DELETE FROM tbHosp; INSERT INTO 
tbRev (Id) VALUES ('01001');


We are able to delete registers. We have checked and it works! Microsoft 
Access 2000 does not allow me to execute a composed query. It warns with 
something similar to "ERROR; -2147217900 [Microsoft][Microsoft Access ODBC 
Driver] Characters after the end of the first SQL query".


How can we avoid this security risk using PHP & PostgreSQL?

Regards,
Davi
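
Added example, not part of the original message: the string-concatenation pattern that makes query (b) possible, next to a parameterized form using PHP's `pg_query_params()`. The five-digit format for Id, the function names and the `PG_DSN` environment variable are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumptions: Id is a five-digit code like '01001'; the connection string
// comes from a hypothetical PG_DSN environment variable.

// Vulnerable pattern described in the post: the form value is pasted into the
// SQL text, and pg_query() runs every ';'-separated statement it receives.
function insertRevUnsafe($conn, string $id)
{
    return pg_query($conn, "INSERT INTO tbRev (Id) VALUES ('" . $id . "');");
}

// Allow-list check on the form value (assumed format: exactly five digits).
function isValidId(string $id): bool
{
    return preg_match('/\A[0-9]{5}\z/', $id) === 1;
}

// Hardened form: the SQL text is constant and the value travels separately as
// parameter $1, so it is never parsed as SQL. pg_query_params() also accepts
// only a single statement per call.
function insertRevSafe($conn, string $id): bool
{
    if (!isValidId($id)) {
        return false;               // reject before touching the database
    }
    $res = pg_query_params($conn, 'INSERT INTO tbRev (Id) VALUES ($1)', [$id]);
    return $res !== false;
}

// Constructed inputs: a normal value and the value quoted in the post.
$inputs = [
    '01001',
    "01001'); DELETE * FROM tbHosp; INSERT INTO tbRev (Id) VALUES ('01001",
];

$dsn  = getenv('PG_DSN');           // e.g. "host=localhost dbname=test user=web"
$conn = $dsn ? pg_connect($dsn) : null;

foreach ($inputs as $id) {
    $ok = $conn ? insertRevSafe($conn, $id) : isValidId($id);
    printf("%-12s %s\n", $ok ? 'accepted' : 'rejected', $id);
}
```

Independently of the query code, the database role the web page connects with should hold only the privileges the form needs (for example, INSERT on tbRev and no DELETE on tbHosp), so that a missed injection point cannot remove rows.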


