Lame SQL injection solution?

I dig campusfood.com; they enable internet orders from some places that otherwise wouldn’t do it, have a nice interface and all that… But, there’s this weird little quirk I just noticed. If you type parentheses or quotes in the ‘notes’ field of an order item, they get scrubbed out. I’m guessing that’s some lame way to prevent SQL injection attacks… Given the overall quality of the site, you’d think they could be more sophisticated about that. Also, you’d think I’d have something better to do right now than complain about such a dumb thing on my blog for no reason. Just goes to show that anyone can be wrong…
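The contrast the post hints at, as an added example that is not from the original post or from campusfood.com: scrubbing characters changes what the customer wrote, while a parameterized query stores the note unchanged and still treats it purely as data. The table, function names and sample notes are constructed, and SQLite stands in for whatever database the site actually uses.

```python
import sqlite3

def scrub(note):
    # The behaviour observed in the post: quotes and parentheses are dropped.
    return "".join(ch for ch in note if ch not in "'\"()")

def save_note(conn, item, note):
    # Bound parameters: the driver sends the note as a value, never as SQL text,
    # so no character in it can change the statement's structure.
    cur = conn.execute(
        "INSERT INTO order_items (item, notes) VALUES (?, ?)", (item, note)
    )
    return cur.lastrowid

def load_note(conn, row_id):
    row = conn.execute(
        "SELECT notes FROM order_items WHERE id = ?", (row_id,)
    ).fetchone()
    return row[0]

def demo():
    conn = sqlite3.connect(":memory:")  # hypothetical schema for the example
    conn.execute(
        "CREATE TABLE order_items (id INTEGER PRIMARY KEY, item TEXT, notes TEXT)"
    )
    notes = [  # constructed sample input
        'No onions (allergy), sauce "on the side"',
        "x'); DROP TABLE order_items; --",
    ]
    results = []
    for note in notes:
        row_id = save_note(conn, "burrito", note)
        # (what the customer typed, what scrubbing keeps, what binding keeps)
        results.append((note, scrub(note), load_note(conn, row_id)))
    count = conn.execute("SELECT COUNT(*) FROM order_items").fetchone()[0]
    return results, count

if __name__ == "__main__":
    rows, count = demo()
    for typed, scrubbed, stored in rows:
        print(f"typed:    {typed}\nscrubbed: {scrubbed}\nstored:   {stored}\n")
    print("rows in table:", count)
```
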
