<?php
// User-controlled input is concatenated straight into the SQL string.
$q = 'SELECT * FROM blog where id=' . $_GET['id'];
$result = mysql_query($q);
show_blog_entry($result);
?>

Which line contains the vulnerability? Why is it vulnerable? What can an attacker do with this vulnerability?
cursor = connection.cursor()
cursor.execute("SELECT foo FROM bar WHERE baz = '" + self.baz + "'")
row = cursor.fetchone()

>>> for p in Person.objects.raw('SELECT * FROM myapp_person'):
...     print p
John Smith
Jane Jones

Entry.objects.extra(select={'is_recent': "pub_date > '2006-01-01'"})
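The following is an added example, not code from the original slides or from Django: it reproduces the `cursor.execute` concatenation pattern above against a constructed in-memory SQLite table named `bar`, and contrasts it with the parameterised form. The table contents, the `lookup_*` helper names and the inputs are all constructed for the demonstration; sqlite3 uses `?` placeholders where Django's `connection.cursor()` uses `%s`, but the `execute(sql, params)` calling convention is the same.

```python
import sqlite3

# Constructed rows standing in for the "bar" table of the snippet above.
ROWS = [("secret-1", "alice"), ("secret-2", "bob"), ("secret-3", "carol")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bar (foo TEXT, baz TEXT)")
    conn.executemany("INSERT INTO bar (foo, baz) VALUES (?, ?)", ROWS)
    return conn


def lookup_concat(conn, baz):
    # Vulnerable pattern: the caller's value is spliced into the SQL text,
    # so a quote character in it changes the structure of the statement.
    cursor = conn.cursor()
    cursor.execute("SELECT foo FROM bar WHERE baz = '" + baz + "'")
    return sorted(r[0] for r in cursor.fetchall())


def lookup_param(conn, baz):
    # Hardened form: the value is bound as a parameter and is only ever
    # compared as data; quotes inside it have no syntactic effect.
    cursor = conn.cursor()
    cursor.execute("SELECT foo FROM bar WHERE baz = ?", (baz,))
    return sorted(r[0] for r in cursor.fetchall())


def demo():
    conn = make_db()
    benign = "bob"
    hostile = "x' OR '1'='1"  # constructed input that closes the quote early
    return {
        "concat_benign": lookup_concat(conn, benign),
        "concat_hostile": lookup_concat(conn, hostile),  # every row leaks
        "param_benign": lookup_param(conn, benign),
        "param_hostile": lookup_param(conn, hostile),    # no row matches
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```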
particularly careful when using is_safe with custom template tags, the safe template tag, mark_safe, and when autoescape is turned off.

Hola {{ name|safe }}, bienvenido!

{% autoescape off %}
{{ body }}
{% endautoescape %}