Comment by __MatrixMan__
2 days ago
I'd guess that something somewhere has got its sanitization wrong. They tested it against
Robert'); DROP TABLE Students;--
And see that it now provides
'Robert DROP TABLE Students'
Problem solved! And then later somebody else comes along, ignorant of the sanitization step, and provides
NULL
But the code strips special characters and adds quotes, so they've actually inserted:
'NULL'
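
The failure mode described in the comment above, as an added example that is not part of the original comment: a strip-and-quote sanitizer next to a parameterized insert, run against the two inputs the comment mentions. The `sanitize_and_quote` helper, the `Students` schema and the in-memory SQLite database are assumptions made for illustration.

```python
import re
import sqlite3


def sanitize_and_quote(value: str) -> str:
    """Hypothetical sanitizer: strip special characters, then add quotes."""
    return "'" + re.sub(r"[^A-Za-z0-9 ]", "", value) + "'"


def insert_sanitized(conn, name: str) -> None:
    # Query text is built by concatenation, so every value becomes a quoted
    # string literal. The caller can no longer express SQL NULL at all.
    conn.execute(
        "INSERT INTO Students (name) VALUES (" + sanitize_and_quote(name) + ")"
    )


def insert_parameterized(conn, name) -> None:
    # The driver binds the value separately from the SQL text:
    # Python None becomes SQL NULL, and strings are stored byte for byte.
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (id INTEGER PRIMARY KEY, name TEXT)")

    # Constructed inputs, taken from the comment.
    insert_sanitized(conn, "Robert'); DROP TABLE Students;--")  # data is mangled
    insert_sanitized(conn, "NULL")                  # stored as the text 'NULL'
    insert_parameterized(conn, "Robert'); DROP TABLE Students;--")  # kept verbatim
    insert_parameterized(conn, None)                # a real SQL NULL
    insert_parameterized(conn, "NULL")              # a person actually named NULL

    rows = conn.execute(
        "SELECT name, typeof(name) FROM Students ORDER BY id"
    ).fetchall()
    # A query for missing names only finds the parameterized None row.
    missing = conn.execute(
        "SELECT COUNT(*) FROM Students WHERE name IS NULL"
    ).fetchone()[0]
    return rows, missing


if __name__ == "__main__":
    rows, missing = demo()
    for row in rows:
        print(row)
    print("rows where name IS NULL:", missing)
```
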