[WEB SECURITY] SQL Injection through "name" field possible?

Matthew Zimmerman mzimmerman at gmail.com
Tue Feb 1 20:40:41 EST 2011


> Generally, SQL injection is possible with the "value" field in a HTML form.
> I was just wondering if it is practically possible through the "name"
> field as well.

I'm actually a little ashamed of this entire list for not mentioning
this already.  Has no one heard of Little Bobby Tables?
http://xkcd.com/327/

Matt Zimmeran




More information about the websecurity mailing list