Results 1 to 2 of 2

Thread: SQL Injection

  1. #1
    Join Date
    Jan 2006
    Posts
    6

    Unanswered: SQL Injection

    Does anyone have any insight regarding SQL injection involving a table name t_jiaozhu? Is this a new hack script or old? I am having a hard time finding any clear details other than ways to stop injection from happening. This I know, what I am trying to figure out is what damaged may have been caused (worse case) and what would be a good plan of attack to figure out what steps suceeded/failed.

  2. #2
    Join Date
    Jan 2003
    Location
    Massachusetts
    Posts
    5,800
    Provided Answers: 11
    A google search should show that SQL Injections is at least as old as ASP. The ways to stop SQL Injection attacks are:
    1) check your inputs
    2) use stored procedures, instead of dynamic SQL
    3) check your inputs
    4) use command objects with parameters, instead of just rs.open(qry).
    5) check your inputs

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •