Re: SQL Injection??? -- WEB400

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: Re: SQL Injection???
From: "Bradley V. Stone" <bvstone@xxxxxxxxxxxx>
Date: Fri, 30 May 2008 12:10:11 -0500
List-archive: <http://archive.midrange.com/web400>
List-help: <mailto:web400-request@midrange.com?subject=help>
List-id: Web Enabling the AS400 / iSeries <web400.midrange.com>
List-post: <mailto:web400@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/web400>, <mailto:web400-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/web400>, <mailto:web400-request@midrange.com?subject=unsubscribe>

Are SQL injection attacks
really a big issue using CGIDEV2?

The "language" used has nothing to do with the issue of SQL Injection.
If you're concatenating values from your website into a string to send
to the sql engine (DB2, Oracle, SQLServer, MySQL, etc.) it's an issue.

Ahh.. now I see. building the SQL string in your website and sending it to
the server. Not a good idea. I never do that. I send each variable
separately, validate, then build my dynamic SQL statement.

Brad

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.