Okay, I see how you're thinking about this, and in this case the attempted insertion doesn't need to be inside an HTML tag. To keep it simple let's say this is your entire message:
');DROP TARLE users;
And now I'm going to add this message to the message database, and the SQL query would look like this:
insert into messages values (..., '');DROP TARLE users;', ...);
Your close quote ends the insert query, after which the users table is deleted.
However, a message is text, and all single quotes in message text are escaped, so the actual query becomes:
insert into messages values (..., '\');DROP TARLE users;', ...);
But interestingly, this has uncovered a bug. The mere presence of the string "drop tarle" in message text hangs the message preview feature, and that explains why I've used "tarle" in place of "table" in this message. I'm really curious about this one.
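As an added illustration of the point made in this post (example code, not the forum's own software): the quoting defence described above, shown with a parameterized insert against an in-memory SQLite database, so the message text carrying the thread's payload is stored as data and the users table survives. The table and column names are assumed for the demo; the escaping in the post is MySQL-style backslash escaping, while SQLite's driver handles quoting itself when a parameter placeholder is used.

```python
import sqlite3

# Constructed sample message: the exact text the post uses as its example.
PAYLOAD = "');DROP TARLE users;"


def setup_db():
    """Create the two assumed tables (names are illustrative, not the forum's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    conn.commit()
    return conn


def naive_query(body):
    """The query that plain string concatenation would build (the post's first
    example). Built only to show the breakage; it is never executed here."""
    return f"insert into messages (body) values ('{body}');"


def store_message(conn, body):
    """Parameterized insert: the driver passes the text as a bound value, so a
    quote or semicolon inside the message can never end the statement."""
    conn.execute("INSERT INTO messages (body) VALUES (?)", (body,))
    conn.commit()


def table_exists(conn, name):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def round_trip(body):
    """Store a message and report (stored text, whether users still exists)."""
    conn = setup_db()
    store_message(conn, body)
    stored = conn.execute("SELECT body FROM messages").fetchone()[0]
    return stored, table_exists(conn, "users")


if __name__ == "__main__":
    print(naive_query(PAYLOAD))   # the broken query from the post
    print(round_trip(PAYLOAD))    # the payload stored verbatim, users intact
```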
Like, I don't ask because I think you haven't taken measures, I ask because I'm curious, and somewhat of a (poor) programmer myself. And I guess I could try to find out by trying these hacks myself but if any of them worked I'd have destroyed EvC Forum. (That, of course, overestimates my hacking abilities to a significant extent.)
Of course, maybe you don't want to openly discuss the nuts and bolts of site security? Maybe I'll just let it go.
you can't have looked at too many forums, as i'm registered at quite a few.
They want period, space, space, capital. That's double your preferred period, space.
well, as crash pointed out, that's not what "double spaced" means, but yes, that is part of standard MLA (i think?). i actually prefer it myself, and always have, but i've stopped typing that way since html doesn't allow it. it collapses all extra spaces in text. i'd literally have to add two extra non-breaking spaces at the end of each sentence, and i'm not going to do that when period-space is sufficient.
MLA also does not like the extra blank line between paragraphs, which i believe that nearly everyone does here for the sake of clarity.
No style guide since the age of typewriters has specified "period space space capital" formatting, because modern computers kern text - that is, they adjust the space between letters to compensate for the relative visual width of letters. In the age of typewriters "period space space capital" formatting was preferred because the text was monospaced and unkerned, so there was less visual density of text and therefore less apparent space between sentences.
"The Mac is not a Typewriter" is, of course, best-selling author and editor Robin Williams's cri de coeur against obsolete style guides misapplied to computers, and he spends most of it railing against "period space space capital" formatting, and he's absolutely right - unless you're reading this on your old IBM Selectric, somehow, you shouldn't be doing it under any circumstances.
I always double space after sentences—always.
Check out Apollo's Temple! Ignorance is temporary; you should be able to overcome it. - nwr
and people think i'm weird for owning a turntable.
in any case, in reference to the original sub-thread title, there's a very famous message board with a somewhat high percentage of lowercase posts. it just made the news recently, as members took down the webpages of visa, mastercard, and the government of sweden.