On Wed, 28 Feb 2001, robert rotman wrote:
> (${lookup mysql{select password from table where
> username='${extract{1}{#}{$2}}' and
> domain='${extract{2}{#}{$2}}'}{$value}fail}
> )
as the very bare minimum __always__ use quote_mysql. (not sure if it's
related, it could even be. recommended reading is the rfp2k01 advisory
by rfp, which discusses *sql and unchecked user input from a web'n
stuff related point of view, most certainy applies to any such
situation - like this one).
--
[-]
So, you're a Ph.D. Just don't touch anything.
