p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/)
-   Classic ASP Basics (http://p2p.wrox.com/classic-asp-basics-61/)
-   -   What SQL Injection is ? (http://p2p.wrox.com/classic-asp-basics/20175-what-sql-injection.html)

minhtri October 20th, 2004 09:34 PM

What SQL Injection is ?
 
Does anyone explain clearly What SQl Injection is ? And show me some Example in ASP,PHP ... And How to avoid them ?
I think it is very usefull for us


rodmcleay October 20th, 2004 09:53 PM

There are many resources for this on hte net, do a google search for SQL Injection Attack.
Here is one link but there are hundreds.
http://www.sitepoint.com/article/sql...n-attacks-safe

======================================
They say, best men are molded out of faults,
And, for the most, become much more the better
For being a little bad.
======================================

mat41 October 20th, 2004 10:11 PM

If someone wants to get you and they are good enough, simply, eventualy they will.

I believe the single most important factor is the account you use for connecting to the data store and what its privellages are. Never ever use the sa account in your sql server connection sting. As i'm sure your'e aware, that account has the 'mic daddy' access rights - a trouble making injectors dream

Any how, as rodmcleay has said there is a zillion web pages on it

Wind is your friend
Matt


All times are GMT -4. The time now is 02:36 AM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
2013 John Wiley & Sons, Inc.