Re: Solving the ' issue
From: Eric Sabine (mopar41_at_hyottmail.com)
Date: 12/05/03
Date: Fri, 5 Dec 2003 11:48:47 -0500
Is this a SQL Server issue? I ask because you use the & (AND) operator, not
+. If you're trying to prevent something like SQL Injection, you'll have to
rewrite code to trap injection.
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
Is this what you're asking about?
Eric
"PL" <pblse2@yahoo.se> wrote in message
news:e56kf$zuDHA.2520@TK2MSFTNGP10.phx.gbl...
>
> What do you do when you inherit hundreds of pages of badly
> written code with queries that have:
>
> WHERE [ID Number] = '" & Request("ID") & "'"
>
> all over the pages, I counted 555 matches just in one folder :-(
>
> If it was just Request("ID") I could do a search and replace but there
> are other parameters.
>
> What can I do on the SQL Server side to secure it up so nothing really
> can happen if they enter a single quote in a parameter?
>
> Any suggestions appreciated.
>
> PL.
>
>
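
For the inventory problem described in the quoted post (many pages, more than one parameter name), an added example that is not part of the original thread: a Python sketch that lists every `Request` value concatenated into a SQL string, so each call site can be found and rewritten. The sample ASP source, file names and function names are constructed for illustration.

```python
import re
from collections import Counter

# A request value spliced in right after a closing string literal, e.g.
#   '" & Request("ID") & "'
CONCAT_RE = re.compile(
    r'"\s*&\s*(Request(?:\.(?:QueryString|Form))?)\s*\(\s*"([^"]+)"\s*\)',
    re.IGNORECASE)
# Only lines that look like SQL text are checked; continuation lines without
# one of these keywords are missed, so treat the output as a lower bound.
SQL_RE = re.compile(r'\b(select|insert|update|delete|where|values|exec)\b',
                    re.IGNORECASE)

def scan_source(name, text):
    """Return (file, line, source, param, quoted) for each concatenation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not SQL_RE.search(line):
            continue
        for m in CONCAT_RE.finditer(line):
            # quoted=True: the value sits inside '...' in the SQL text.
            # quoted=False: the value is spliced in bare (numeric context).
            quoted = line[:m.start()].rstrip().endswith("'")
            findings.append((name, lineno, m.group(1), m.group(2), quoted))
    return findings

def scan_all(sources):
    """Scan a {filename: source text} mapping."""
    return [f for name, text in sources.items() for f in scan_source(name, text)]

def summarize(findings):
    """Count call sites per parameter name, to size the rewrite."""
    return dict(Counter(f[3] for f in findings))

# Constructed sample pages, not taken from the thread.
SAMPLE = {
    "detail.asp": '''<%
sql = "SELECT * FROM Members WHERE [ID Number] = '" & Request("ID") & "'"
Set rs = conn.Execute(sql)
%>''',
    "list.asp": '''<%
sql = "SELECT * FROM Orders WHERE Region = '" & Request.QueryString("region") & "' AND Year = " & Request.Form("year")
Response.Write "Hello " & Request("name")
%>''',
}

if __name__ == "__main__":
    for finding in scan_all(SAMPLE):
        print(finding)
    print(summarize(scan_all(SAMPLE)))
```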