Post reply

Self SQL Injection

  • April 29, 2018 at 10:53 pm

    #330665

    Comments posted to this topic are about the item Self SQL Injection

  • April 30, 2018 at 4:15 am

    #1988613

    Very nice story about white space matters.

  • April 30, 2018 at 7:50 am

    #1988633

    Ahahahahahahaha

  • April 30, 2018 at 8:10 am

    #1988637

    It honestly surprises me how many people still leave themselves open to SQL injection. Parametrisation and the use of QUOTENAME (in SQL Server) make a query infinitely easier to make it avoidable. It really frustrates me when you see someone that's creating dynamic SQL with a statement like:
    @SQL = 'SELECT ' + @COL1 + ',' + @COL2 + ' FROM ' + @Table + ' WHERE ' + @Col1 + ' = ' + @Value;
    ARGH!!!!

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

Cookies on SQLServerCentral

This website stores cookies on your computer.

These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.

To find out more about the cookies we use, see our Privacy Policy