You might know what SQL injection in PHP MySQL queries is…
Closing the mysql query manually and deleting the table…
Adding extra parameters to make the query always true and logging in…
This was in earlier PHP; however, we can avoid these with magic_quotes…
My question is: will this trick work in a JavaScript function which accepts a variable? If yes, how can it be avoided?
For example:
function testFunction(variable){
//doSomething with variable
}
In the above code we can run the function from the location bar by typing javascript:testFunction(var);
If the var is typed in as in the SQL injection method (manually closing the function parenthesis and writing code to create a file on the server…), will it cause any problem?
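The scenario asked about above, as an added example that is not part of the original post: a string handed to a function as an argument stays a value and is never re-parsed, so the "close the parenthesis" trick only applies where input is concatenated into JavaScript source text. The helper names (`runCase`, `sideEffect`) and the crafted input are constructed for illustration, and Node's `vm` module is used only to evaluate the generated source against recording stubs.

```javascript
const vm = require('node:vm');

// Constructed input shaped like the SQL trick: end the string, close the
// call, then append a second statement.
const crafted = '"); sideEffect("injected';

// Evaluate generated source against stub functions that only record calls.
// build() receives the untrusted string and returns JavaScript source text.
function runCase(build) {
  const calls = [];
  const context = {
    testFunction: (v) => calls.push(['testFunction', v]),
    sideEffect: (v) => calls.push(['sideEffect', v]), // hypothetical stand-in for an unwanted action
    input: crafted,
  };
  vm.runInNewContext(build(crafted), context);
  return calls;
}

// Weak: input is concatenated into source text, so the parser treats part
// of it as code (the same mistake as building SQL by concatenation).
const unsafe = runCase((s) => 'testFunction("' + s + '");');

// Corrected (a): the source text is constant and the input travels as a value.
const byValue = runCase(() => 'testFunction(input);');

// Corrected (b): if source text must be generated, encode the input as a
// string literal. JSON.stringify covers the JavaScript context only; output
// placed inside HTML needs HTML-context escaping as well.
const encoded = runCase((s) => 'testFunction(' + JSON.stringify(s) + ');');

console.log('concatenated:', unsafe);
console.log('by value:    ', byValue);
console.log('encoded:     ', encoded);
```
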