Wrox Programmer Forums
ASP.NET 1.1 As of 10/6/2005, this forum is locked as part of the reorganization described here: http://p2p.wrox.com/topic.asp?TOPIC_ID=35394. No posts have been deleted. Open ongoing discussions from the last week have been moved to either ASP.NET 1.0 and 1.1 Beginners http://p2p.wrox.com/asp-net-1-0-1-1-basics-60/ or ASP.NET 1.0 and 1.1 Professional. http://p2p.wrox.com/forum.asp?FORUM_ID=50. See my sticky post inside for more.

You are currently viewing the ASP.NET 1.1 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
August 18th, 2004, 10:40 AM
Friend of Wrox
 
SQL Injections in Textboxes

I heard about SQL injections that users can try to enter into textboxes.
What are the most common ones to watch for?

I heard about this somewhere but I don't know the specifics.

 
August 18th, 2004, 11:08 AM
Friend of Wrox
 

If I wanted to find information, I could enter something like:

' union select NULL, name, NULL, NULL from master..sysdatabases where name <> '

This would be ideal for a string value, where the where clause would be like:

where data = 'match this'

The final with injected SQL would be:

where data = 'match this' union select NULL, name, NULL, NULL from master..sysdatabases where name <> ''

Use stored procedures where possible (not hard-coded SQL strings), and look for -- or union select statements.

This is primarily SQL based; Oracle would have a different recommendation.

Brian
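
Added example, not part of the original post: a Python/SQLite version of the concatenated WHERE clause described above, beside a parameter-bound query. SQLite has no stored procedures, so a bound parameter stands in for the stored-procedure parameter the post recommends; the tables, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER, data TEXT, price REAL, note TEXT);
        INSERT INTO items VALUES (1, 'match this', 9.5, 'public row');
        CREATE TABLE accounts (name TEXT);
        INSERT INTO accounts VALUES ('admin'), ('svc_backup');
    """)
    return db

def search_concatenated(db, text):
    # Vulnerable pattern: the textbox value becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest runs as SQL.
    sql = "SELECT id, data, price, note FROM items WHERE data = '" + text + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, text):
    # Hardened pattern: the value is bound to a placeholder and is only
    # ever compared as data, whatever characters it contains.
    sql = "SELECT id, data, price, note FROM items WHERE data = ?"
    return db.execute(sql, (text,)).fetchall()

# Constructed input with the shape of the post's string: a real value,
# then a UNION SELECT whose trailing quote pairs with the query's own.
TEXTBOX = "match this' union select NULL, name, NULL, NULL from accounts where name <> '"

def looks_suspicious(text):
    # The post's "look for -- or union select" check, as a logging aid
    # only; binding parameters is what actually stops the injection.
    lowered = " ".join(text.lower().split())
    return "--" in lowered or "union select" in lowered

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, TEXTBOX))
    print("parameterized:", search_parameterized(db, TEXTBOX))
    print("flagged      :", looks_suspicious(TEXTBOX))
```

With the concatenated query the constructed account names come back alongside the matching row; with the bound parameter the same input matches nothing.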









