Re: Solving the ' issue
From: PL (pblse2_at_yahoo.se)
Date: 12/05/03
Date: Fri, 5 Dec 2003 18:18:59 +0100
It's an SQL issue because it's a stupid issue to begin with; why it's never fixed
I don't know.
Also, if you bothered to read my question I was wondering what I could do
on the SQL server side to prevent anything bad like '; DELETE FROM ...
being inserted/injected.
The issue is not really what language you use on the scripting side, this
is certainly a SQL issue.
It's nice to see Usenet holds up to its standard, makes me remember why
I stopped using it.
PL.
"Eric Sabine" <mopar41@hyottmail.com> wrote in message news:e5qGo%230uDHA.2244@TK2MSFTNGP09.phx.gbl...
> Is this a SQL Server issue? I ask because you use the & (AND) operator, not
> +. If you're trying to prevent something like SQL Injection, you'll have to
> rewrite code to trap injection.
> http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
>
> Is this what you're asking about?
>
> Eric
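
One server-side arrangement for the question raised in this message, as an added example that is not part of the original thread: values reach the table only through stored procedures with typed parameters, and the application's role has no direct rights on the table. The table, procedure and role names are hypothetical, and the sample rows are constructed.

```sql
-- Constructed schema for illustration; all object names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL
);
GO

-- The value arrives as a typed parameter. It is never spliced into SQL text,
-- so a quote inside it cannot terminate a string literal or start a new statement.
CREATE PROCEDURE dbo.AddCustomer
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO dbo.Customers (LastName) VALUES (@LastName);
END;
GO

-- Static lookup; again the parameter is compared as data, not parsed as SQL.
CREATE PROCEDURE dbo.FindCustomer
    @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName
    FROM dbo.Customers
    WHERE LastName = @LastName;
END;
GO

-- Least privilege: the application's database user is placed in this role.
-- It may run the two procedures and nothing else on the table. Because the
-- procedures and the table share an owner (dbo), ownership chaining lets the
-- static statements inside them run without table permissions for the caller.
CREATE ROLE web_app;
GRANT EXECUTE ON dbo.AddCustomer  TO web_app;
GRANT EXECUTE ON dbo.FindCustomer TO web_app;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Customers TO web_app;
GO

-- Constructed inputs: a legitimate name containing a quote, and the kind of
-- string quoted in the message. Both are inserted as ordinary row values.
EXEC dbo.AddCustomer @LastName = N'O''Brien';
EXEC dbo.AddCustomer @LastName = N'x''; DELETE FROM dbo.Customers; --';
EXEC dbo.FindCustomer @LastName = N'O''Brien';
```

The protection holds only if the client passes the value as a parameter of the procedure call; a client that builds the `EXEC` statement by string concatenation reintroduces the problem, and the `DENY` then limits what an injected statement can touch.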