-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Database error when submitting form to request API key #5
Comments
Looks like possible SQL injection issue. |
Confirmed SQL injection issue. The error appeared because I had a single quotation mark in my answer to "Description of your application". |
@jpmckinney as OP can you close the issue? Unless I misunderstand it sounds like this is a feature not a bug. |
@maxvonhippel It's quite natural for people completing the form to use English contractions (we're, I'm, etc.) in the description. The code should escape quotes - it shouldn't pass them unescaped to the SQL query string! |
Ah, gotcha! Sorry it was late, that should have been obvious. Understood. |
The text was updated successfully, but these errors were encountered: