Thread: sql injection
View Single Post
  #3 (permalink)  
Old June 16th, 2008, 02:54 PM
Old Pedant Old Pedant is offline
Friend of Wrox
 
Join Date: Jun 2008
Location: Snohomish, WA, USA
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

Depends on the rest of your code.

For example, if you were to simply pass that Request("ID") into a query that is accepting a VARCHAR and which then tries to convert the varchar to integer, the message makes sense.

Also, pretty sure this is the error you'd get if you used ADODB.Recordset.AddNew instead of a SQL query. Or did update same way.

Possibly could happen with Command object? Not sure. Hmmm...even if so, I wouldn't expect that particular error message.

Well, in any case I'd want to see the code involved.
Reply With Quote