Messages 11 to 17 of 17 total |
QuotedSQLString and injection attacks? |
Wed, Oct 10 2012 4:22 AM | Permanent Link |
Matthew Jones | Indeed, but since I can slip occasionally, I'd like to know if QuotedSQLString will
protect me. /Matthew Jones/ |
Wed, Oct 10 2012 5:37 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Matthew
>Indeed, but since I can slip occasionally, I'd like to know if QuotedSQLString will
>protect me.
NO!!!!!
Roy |
Wed, Oct 10 2012 9:02 AM | Permanent Link |
Matthew Jones | Why not? Surely it will be quoting the quotes to stop any "breaking out of string"?
/Matthew Jones/ |
Wed, Oct 10 2012 9:23 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Matthew
All QuotedSQLString does is stick quotes round things, and double up existing quotes. If this is just being used as a parameter in a WHERE clause you'll be pretty safe, but it won't take out any potentially dangerous SQL code (e.g. the famous DROP TABLE one) which could in some circumstances be run. Relying on QuotedSQLString as a safety device is a big no-no.
Roy Lambert [Team Elevate] |
Wed, Oct 10 2012 2:07 PM | Permanent Link |
Matthew Jones | > which could in some circumstances be run.
In which circumstances? That's the key. How? Only if I've mucked up my SQL and added a spare quote will it allow a hole, and I'd spot that immediately with the good data. /Matthew Jones/ |
Thu, Oct 11 2012 3:52 AM | Permanent Link |
Roy Lambert NLH Associates Team Elevate | Matthew
>> which could in some circumstances be run.
>
>In which circumstances? That's the key. How? Only if I've mucked up my SQL and
>added a spare quote will it allow a hole, and I'd spot that immediately with the
>good data.
If I'd had the faintest idea I would have told you <vbg>
Roy Lambert [Team Elevate] |
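Added example, not part of the thread and not Elevate Software code: a Python/SQLite stand-in for the quote-doubling described above, run next to a forgotten call site and a bound parameter. `quoted_sql_string`, the `users` table, the `find_*` helpers and the sample inputs are all constructed for illustration; DBISAM's own QuotedSQLString is not exercised here.

```python
import sqlite3

# Constructed sample input: a value that tries to close the string literal early.
HOSTILE = "x' OR '1'='1"

def quoted_sql_string(value: str) -> str:
    """Hypothetical stand-in for the behaviour described in the thread:
    wrap the value in single quotes and double any embedded quote."""
    return "'" + value.replace("'", "''") + "'"

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows, one containing a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("o'brien",), ("bob",)])
    return db

def find_quoted(db, name):
    """Concatenation, but the value goes through the quoting helper."""
    sql = ("SELECT name FROM users WHERE name = "
           + quoted_sql_string(name) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def find_slipped(db, name):
    """The 'slip': the helper was forgotten at this one call site."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def find_param(db, name):
    """Bound parameter: the value never becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    for fn in (find_quoted, find_slipped, find_param):
        print(fn.__name__, fn(db, HOSTILE))
```

In SQLite a doubled quote is the only escape inside a string literal, so the quoted path treats the whole input as data here. The slipped path shows that this protection exists only where the helper is actually called, while the bound parameter has no such call site to forget.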
Thu, Nov 1 2012 6:22 AM | Permanent Link |
Matthew Jones |
This web page was last updated on Tuesday, April 23, 2024 at 08:10 AM |