
DbAssistant / News: Recent posts

A security bug was found this evening

A serious bug was found this evening while I was just playing with the UPDATE form. Input PHP form variables were not mysql-escaped when inserted into the UPDATE query (SET statement). I suppose this bug has been present since UPDATE queries appeared in DbAssistant. Version 3.0 already contains UPDATE queries and it is buggy too, so I suppose you will avoid using UPDATE queries or insert a 'mysql_escape_string' call manually. Otherwise there is a vulnerability to SQL injection. I have already fixed this in SVN revision 182, so if you do not want any headache, just check it out....

Posted by Schmidt Anton 2012-04-10
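
The class of bug described in the post, as an added example that is not DbAssistant's code: an unescaped form value placed in the SET clause next to a hardened version. The fix here uses PDO bound parameters in place of the post's `mysql_escape_string`, which was removed in PHP 7; the table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical, and an
// in-memory SQLite database stands in for MySQL so the script runs offline.

// Pattern described in the post: form values pasted into the SET clause as-is.
function update_unsafe(PDO $db, int $id, array $form): void
{
    $sets = [];
    foreach ($form as $col => $val) {
        $sets[] = "$col = '$val'";              // value is not escaped
    }
    $db->exec('UPDATE users SET ' . implode(', ', $sets) . " WHERE id = $id");
}

// Hardened form: column names checked against an allow-list, values bound.
function update_safe(PDO $db, int $id, array $form): void
{
    $allowed = ['name', 'email'];
    $sets = $args = [];
    foreach ($form as $col => $val) {
        if (!in_array($col, $allowed, true)) {
            throw new InvalidArgumentException("unexpected column: $col");
        }
        $sets[] = "$col = ?";
        $args[] = $val;
    }
    $args[] = $id;
    $stmt = $db->prepare('UPDATE users SET ' . implode(', ', $sets) . ' WHERE id = ?');
    $stmt->execute($args);
}

function fresh_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $db->exec("INSERT INTO users (id, name, email) VALUES (1, 'anna', 'a@example.test')");
    return $db;
}

// Constructed form input: the quote in the value closes the string literal
// early, so the rest of the value is parsed as a second SET assignment.
$form = ['name' => "x', email = 'changed@example.test"];
foreach (['update_unsafe', 'update_safe'] as $fn) {
    $db = fresh_db();
    $fn($db, 1, $form);
    $row = $db->query('SELECT name, email FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
    printf("%-13s name=%s email=%s\n", $fn, var_export($row['name'], true), $row['email']);
}
```

With the unsafe builder the single submitted field rewrites the `email` column as well; with bound parameters the whole string is stored in `name` and `email` is unchanged.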