Re: Preventing ALL text SQL Injection by removing single-quotes ?
From: John Bell (jbellnewsposts_at_hotmail.com)
Date: 07/05/05
- Next message: Karen Collins: "KB article 822668 - what's really happening?"
- Previous message: Susan S via SQLMonster.com: "Re: Preventing ALL text SQL Injection by removing single-quotes ?"
- In reply to: Susan S via SQLMonster.com: "Re: Preventing ALL text SQL Injection by removing single-quotes ?"
- Next in thread: Susan S via SQLMonster.com: "Re: Preventing ALL text SQL Injection by removing single-quotes ?"
- Reply: Susan S via SQLMonster.com: "Re: Preventing ALL text SQL Injection by removing single-quotes ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Jul 2005 23:36:39 -0700
Hi
You are assuming a certain business rule is applied which is probably
quite rare. You may be able to provide dropdowns if your values are so
specific and remove the need to type in anything!!
The parameterised query option is generic and can cater for all
situations; it should also be fast.
John
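The following is an added example, not part of John's post or the thread. It contrasts quote removal with a parameterised query, plus a server-side check for dropdown-style input. It uses Python's sqlite3 for a self-contained run; the table, column names and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
ROWS = [(1, "O'Brien", "IE"), (2, "OBrien", "US"), (3, "Smith", "GB")]
ALLOWED_COUNTRIES = {"IE", "US", "GB"}  # the fixed list a dropdown would offer


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, country TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return conn


def find_by_name_stripped(conn, name):
    """The quote-removal approach: strip ' and splice the text into the SQL."""
    cleaned = name.replace("'", "")
    sql = "SELECT id FROM customers WHERE name = '" + cleaned + "'"
    return [r[0] for r in conn.execute(sql)]


def find_by_name_param(conn, name):
    """Parameterised query: the value is bound, never parsed as SQL."""
    return [r[0] for r in conn.execute("SELECT id FROM customers WHERE name = ?", (name,))]


def find_by_country(conn, country):
    """Dropdown-style input: still checked server-side against the fixed list."""
    if country not in ALLOWED_COUNTRIES:
        raise ValueError("country not in allowed list")
    return [r[0] for r in conn.execute("SELECT id FROM customers WHERE country = ?", (country,))]


if __name__ == "__main__":
    db = make_db()
    print(find_by_name_stripped(db, "O'Brien"))  # matches the wrong customer
    print(find_by_name_param(db, "O'Brien"))     # matches the intended customer
    print(find_by_country(db, "IE"))
```

Stripping the quote silently changes the value being searched for, so the lookup lands on a different row; the bound parameter keeps the apostrophe as data.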