Preventing SQL Injection attacks — MsSQL Server

You are here: Preventing SQL Injection attacks « MsSQL Server « IT news, forums, messages

Posted by Kevin Audleman on 03/02/06 20:35

My site has come under attack from sql injections. I thought I had
things handled by replacing all single quotes with two single quotes,
aka

Replace(inputString, "'", "''")

Alas, clever hackers have still managed to find a way to drop columns
from some of my tables. Can anybody direct me towards a best practice
document on preventing these attacks?

Thank you thank you,

Kevin

Navigation:

Next in forum: Re: Preventing SQL Injection attacks
Prev in forum: Re: Optimizing a JOIN
Thread view: Preventing SQL Injection attacks

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация