phyrex1an
Staff Member and irregular helper
- Reaction score
- 447
Is this even a security hole, can a new select, or delete/insert be injected in this fashion? It is for SEO, not a login.
New select, easy. Insert and delete is easy if you allow multiple statements per query and I'm pretty sure it's possible anyway but not with my knowledge. Either way, overloading your server is easy enough for someone that doesn't know more than me.
Any bug is a security issue as soon as someone with proper experience decides to attack you.