March 1st, 2006, 01:15 PM
crmpicco

Code:
choice = request("choice")
set rs2=con.execute("select * from db_stadiumname where countryname like '"&choice&"%' and languagecode = 'gb'")
Choice is coming from a text box in the previous page.

What happens is that if a bad character, for example an apostrophe, is entered and submitted, then it crashes the MySQL hit and the DB.

Is this not fairly common, surely? That is the reason I have built CS and SS validation to catch this...

Picco


www.crmpicco.co.uk
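The query in the post breaks because an apostrophe in `choice` ends the quoted string inside the concatenated SQL. As an added example (not part of the original post), here is the same lookup sent through an ADO parameterized command, so the input is bound as data rather than spliced into the statement. `con` is the open connection from the post, `FindStadiums` and `EscapeLike` are hypothetical helper names, and the code assumes the MySQL driver in use accepts `?` parameter markers.

```vbscript
' Added example, not the poster's code.
' Assumes "con" is the already-open ADODB.Connection used in the post.
Const adCmdText = 1      ' CommandTypeEnum: plain SQL text
Const adVarChar = 200    ' DataTypeEnum: string parameter
Const adParamInput = 1   ' ParameterDirectionEnum: input only

' Escape LIKE wildcards so the user's text is matched literally.
' Backslash is MySQL's default LIKE escape character (assumes the server
' is not running with NO_BACKSLASH_ESCAPES).
Function EscapeLike(ByVal s)
    s = Replace(s, "\", "\\")
    s = Replace(s, "%", "\%")
    s = Replace(s, "_", "\_")
    EscapeLike = s
End Function

' Runs the stadium lookup with the search text bound as a parameter.
Function FindStadiums(con, ByVal choice)
    Dim cmd, pattern
    pattern = EscapeLike(choice) & "%"   ' prefix match, as in the original query

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = con
    cmd.CommandType = adCmdText
    cmd.CommandText = "select * from db_stadiumname " & _
                      "where countryname like ? and languagecode = 'gb'"
    cmd.Parameters.Append cmd.CreateParameter("countryname", adVarChar, _
                                              adParamInput, Len(pattern), pattern)
    Set FindStadiums = cmd.Execute
End Function

Dim choice, rs2
choice = Trim(Request("choice") & "")                 ' coerce a missing value to ""
If Len(choice) > 100 Then choice = Left(choice, 100)  ' constructed length cap
Set rs2 = FindStadiums(con, choice)
```

With the value bound this way, an input such as `O'Neill` reaches MySQL as a literal search string instead of altering the statement, and this holds regardless of any client-side validation.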