because you also have integer based SQL injection. Escaping strings isn't a comp... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		orf on Aug 5, 2013 \| parent \| context \| favorite \| on: SQL Injection Galore because you also have integer based SQL injection. Escaping strings isn't a complete fix.

user24 on Aug 5, 2013 [–]

Yep. In fact the typical SQL injection example is " 0 OR 1=1 ".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact