|
The concept of SQL insertion is a recognized vulnerability. The article says to do a search on that on the net. As you and the article say, proper use of parameter markers can prevent problems to a great degree. But we know how much is written that does not handle these things well. So the issue is good to know about. Vern -------------- Original message -------------- > Interesting, but in some ways a stretch. If you are careful about > editing, the use of parameter markers, and, in the web world, the use of > exposed parameters, you wouldn't normally encounter this opportunity for > hacking. > > Worth reviewing your code for though. > > First time I had ever seen the word "copacetic" used in print. Cool! > > Pete Helgren > > rob@xxxxxxxxx wrote: > > >Interesting article on hacking dynamic sql. > >http://www.itjungle.com/fhg/fhg100505-story02.html > > > >Rob Berendt > > > > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
