Solving the ' issue
From: PL (pblse2_at_yahoo.se)
Date: 12/05/03
Date: Fri, 5 Dec 2003 15:56:01 +0100
What do you do when you inherit hundreds of pages of badly
written code with queries that have:
WHERE [ID Number] = '" & Request("ID") & "'"
all over the pages, I counted 555 matches just in one folder :-(
If it was just Request("ID") I could do a search and replace but there
are other parameters.
What can I do on the SQL Server side to secure it up so nothing really
can happen if they enter a single quote in a parameter?
Any suggestions appreciated.
PL.
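
An added example, not part of the original post: a Python script that inventories the concatenation pattern quoted above across ASP sources, grouped by parameter name and by whether the value lands inside a quoted SQL string, so a rewrite to parameterized queries can be planned per parameter. The function names, the SQL-keyword heuristic and the sample pages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# A string literal closed right before "& Request(...)": the shape quoted in
# the post. A trailing ' inside the literal means the value lands in a quoted
# SQL string; without it the value lands in a numeric context.
CONCAT = re.compile(
    r"""(?P<quote>')?"\s*&\s*Request(?:\.(?P<coll>\w+))?\s*\(\s*"(?P<name>[^"]+)"\s*\)""",
    re.IGNORECASE,
)
# Heuristic (assumption): only report lines that look like part of a SQL statement.
SQLISH = re.compile(r"\b(select|insert|update|delete|where|values|and|or)\b", re.IGNORECASE)


def find_concatenations(path, text):
    """Yield (path, line_no, parameter, context) for each hit in one file."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not SQLISH.search(line):
            continue
        for m in CONCAT.finditer(line):
            context = "quoted" if m.group("quote") else "unquoted"
            yield (path, line_no, m.group("name"), context)


def inventory(sources):
    """Count hits per (parameter, context) across a {path: text} mapping."""
    counts = Counter()
    for path, text in sources.items():
        for _, _, name, context in find_concatenations(path, text):
            counts[(name, context)] += 1
    return counts


# Constructed sample pages (not from the original post).
SAMPLE = {
    "order.asp": '''sql = "SELECT * FROM Orders WHERE [ID Number] = '" & Request("ID") & "'"
sql = sql & " AND Status = '" & Request.Form("Status") & "'"
Response.Write "Hello " & name
''',
    "item.asp": '''sql = "SELECT * FROM Items WHERE ItemNo = " & Request.QueryString("ID")
sql = "DELETE FROM Items WHERE [ID Number] = '" & Request("ID") & "'"
''',
}

if __name__ == "__main__":
    for (name, context), n in sorted(inventory(SAMPLE).items()):
        print(f"{n:4d}  Request({name!r})  {context}")
```

The "unquoted" hits matter for triage: doubling single quotes does nothing for a value concatenated into a numeric context, so those lines need type validation or a bound parameter.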