April 29, 2018 at 10:53 pm
Comments posted to this topic are about the item Self SQL Injection
April 30, 2018 at 4:15 am
Very nice story about white space matters.
April 30, 2018 at 7:50 am
Ahahahahahahaha
April 30, 2018 at 8:10 am
It honestly surprises me how many people still leave themselves open to SQL injection. Parametrisation and the use of QUOTENAME (in SQL Server) make a query infinitely easier to make it avoidable. It really frustrates me when you see someone that's creating dynamic SQL with a statement like:

@SQL = 'SELECT ' + @COL1 + ',' + @COL2 + ' FROM ' + @Table + ' WHERE ' + @Col1 + ' = ' + @Value;
ARGH!!!!
Thom~
Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
Larnu.uk
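The two approaches Thom contrasts, as an added T-SQL example (not code from the thread or its author): the concatenated dynamic SQL exactly as the pattern above builds it, followed by the same query with identifiers checked against the catalog and wrapped in QUOTENAME and the value passed as a typed parameter to sp_executesql. The schema, table, column names and the value are constructed assumptions for illustration.

```sql
-- Added example, not from the original thread.
-- Table, column and value names below are assumptions for illustration.
DECLARE @Schema sysname        = N'dbo';
DECLARE @Table  sysname        = N'Customers';
DECLARE @Col1   sysname        = N'CustomerId';
DECLARE @Col2   sysname        = N'Name';
DECLARE @Value  nvarchar(100)  = N'42';
DECLARE @SQL    nvarchar(max);

-- 1) The fragile pattern: identifiers AND the value are all concatenated
--    into one string. Whoever controls any of these variables controls
--    the statement text, not just a value. Left unexecuted here on purpose.
SET @SQL = N'SELECT ' + @Col1 + N',' + @Col2
         + N' FROM ' + @Table
         + N' WHERE ' + @Col1 + N' = ' + @Value;
-- EXEC (@SQL);

-- 2) Hardened version.
--    a) Reject identifiers that do not exist in the catalog, so arbitrary
--       text never reaches the statement even inside QUOTENAME brackets.
DECLARE @Qualified nvarchar(300) = QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table);

IF OBJECT_ID(@Qualified, N'U') IS NULL
    THROW 50000, N'Unknown table', 1;
IF COL_LENGTH(@Qualified, @Col1) IS NULL OR COL_LENGTH(@Qualified, @Col2) IS NULL
    THROW 50001, N'Unknown column', 1;

--    b) Identifiers are delimited with QUOTENAME (a stray ] is doubled),
--       and the value is a parameter: it is never part of the SQL text.
SET @SQL = N'SELECT ' + QUOTENAME(@Col1) + N', ' + QUOTENAME(@Col2)
         + N' FROM ' + @Qualified
         + N' WHERE ' + QUOTENAME(@Col1) + N' = @p';

EXEC sys.sp_executesql
     @stmt   = @SQL,
     @params = N'@p nvarchar(100)',
     @p      = @Value;
```

The catalog checks matter even with QUOTENAME: QUOTENAME only guarantees the identifier is delimited correctly, it does not guarantee the caller was allowed to name that table or column. The parameter on the WHERE clause is what removes the value from the statement text entirely, which is the part the concatenated form can never achieve.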