http://207.230.217.78/chris/sqlinjection.zip
This article points out a flaw/weakness in some DB servers called SQL Injection. the concept is very similar to CSS (cross-site scripting.) the following code is in ASP/MS SQL but it should make sense across the platforms.
lets say you have a simple HTML form that has a single textbox where the user enters their name. on the server-side you have the following code:
Code:
SELECT * FROM Users WHERE Username='" & Request.Form("Username") & "'"
if a person enters Bob into the user name box, the query sent to the SQL server would be:
Code:
SELECT * FROM Users WHERE Username='Bob'
that's great and all, but what if the user entered:
Code:
Bob' DROP TABLE Users--
this would send the following code to the server:
Code:
SELECT * FROM Users WHERE Username='Bob' DROP TABLE Users--'
since MS SQL pretty much ignores whitespace, it's going to execute both commands, the second of which deletes the entire user table. the 2 dashes are SQL comments so the last apostrophe gets ingored and no errors are thrown.
dBforums
>
SQL Injection - ATTENTION
05-14-02, 13:33
Linear Mode
