MySQL addresses SQL injection vulnerability
MySQL AB has issued updates to its MySQL 4.1 and 5.0 series to address a SQL injection vulnerability. MySQL's action follows the PostgreSQL project's release last week to address the same issues.
The vulnerability was discovered by the PostgreSQL project and passed to MySQL via the Open Source Database Consortium. The vulnerability lies in the mysql_real_escape_string() function.
[ Read more ]