Posted by Kevin Audleman on 03/02/06 20:35
My site has come under attack from sql injections. I thought I had
things handled by replacing all single quotes with two single quotes,
aka
Replace(inputString, "'", "''")
Alas, clever hackers have still managed to find a way to drop columns
from some of my tables. Can anybody direct me towards a best practice
document on preventing these attacks?
Thank you thank you,
Kevin
[Back to original message]
|