Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
), or they have generated a list of URLs but their regex is defective.
Reason I ask is if you have a query like this
select * from table where field like "%$term"
A quote can do some serious damage.
$term = 'blah%22%20or%201=1%22';
Add those two together,
select * from table where field like "%blah" or 1=1"
And you have a basic mysql injection that displays all records from a given table.