[VIM] Dragonfly Commerce disputes reports
Steven M. Christey
coley at linus.mitre.org
Mon Jul 18 02:06:56 EDT 2005
On Sun, 17 Jul 2005, security curmudgeon wrote:
> I really hate these types of disputes.
Yes, the only way to really deal with them is to verify ourselves.
Whichever side is true, I suspect that in general we'll see a lot of these
"invalid input" SQL problems being labeled as SQL injection. Only makes
sense for a SQL query to barf if it's given a non-numeric argument for a
numeric field, and quoting the input might stop injection but it won't
stop the query from failing.
- Steve
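
The distinction drawn above, as an added example that is not part of the original post: a triage check that separates "the query fails on invalid input" from "the input is evaluated as SQL". It assumes SQLite through Python's sqlite3 module and uses a LIMIT value as the numeric argument, because that is a place where SQLite rejects non-integer values; the table, the handler names and the probe values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: three rows in a hypothetical "items" table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items (name) VALUES (?)", [("a",), ("b",), ("c",)])
    return db

BASE = "SELECT name FROM items ORDER BY id LIMIT "

def q_concat(db, n):
    # Input pasted into the statement unquoted.
    return db.execute(BASE + n).fetchall()

def q_quoted(db, n):
    # Input quoted, with embedded quotes doubled.
    return db.execute(BASE + "'" + n.replace("'", "''") + "'").fetchall()

def q_bound(db, n):
    # Input passed as a bound parameter.
    return db.execute(BASE + "?", (n,)).fetchall()

def run(handler, value):
    # Returns the row count, or None if the database rejected the query.
    db = make_db()
    try:
        return len(handler(db, value))
    except sqlite3.Error:
        return None
    finally:
        db.close()

def triage(handler):
    fails_on_invalid = run(handler, "abc") is None
    # "1+1" yields two rows only if the input was evaluated as SQL.
    evaluated_as_sql = run(handler, "1+1") == 2
    if evaluated_as_sql:
        return "sql-injection"
    return "invalid-input-error" if fails_on_invalid else "no-issue"

if __name__ == "__main__":
    for h in (q_concat, q_quoted, q_bound):
        print(h.__name__, triage(h))
```

All three handlers fail on "abc", but only the unquoted one evaluates its input as SQL, so an error message alone does not settle which label a report deserves.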