Posted by jennifer1970 on 03/02/06 21:09
Kevin Audleman wrote:
> My site has come under attack from sql injections. I thought I had
> things handled by replacing all single quotes with two single quotes,
> aka
>
> Replace(inputString, "'", "''")
>
> Alas, clever hackers have still managed to find a way to drop columns
> from some of my tables. Can anybody direct me towards a best practice
> document on preventing these attacks?
>
> Thank you thank you,
>
> Kevin
[Back to original message]
|