  1. #1
    Join Date
    Nov 2003
    Location
    Singapore
    Posts
    187

    Unanswered: SQL security question

    Hello,

    I've two questions regarding SQL security in the context of web scripting.

    Q1: Are there any characters that can possibly damage or corrupt a table's data?

    My understanding is that there's no danger, so any kind of input can be inserted into a table. But when these characters are displayed on a web page, the characters need to be unescaped (e.g. a double quote " becomes &quot;) or else they can mess up the page's display. Worse, malicious code can be injected to allow unauthorised viewing of files or access to the server's resources.

    Q2: When an input (QUERY) is used in a query, e.g. (SELECT * FROM users WHERE username=QUERY), the input needs to be checked to ensure that no malicious code is injected.

    Could anyone enlighten me on the above?

    Thanks in anticipation

  2. #2
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Question 2 is not so much a question, more a statement of fact. So here's something for you to read on the subject.
    George

  3. #3
    Join Date
    Nov 2007
    Posts
    20

    SQL injection

    Search for SQL injection on the web. There are some great movies on YouTube about this.
    Peak Consulting - Business Intelligence Experts
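
An added example, not part of any post in this thread, covering both questions with Python's built-in `sqlite3` and `html` modules: bound parameters store and compare any characters as plain data, while splicing input into the SQL text lets a quote change the statement. The table layout, sample inputs and function names are assumptions made for the illustration.

```python
import html
import sqlite3

# Constructed sample inputs containing the characters the question worries about.
SAMPLES = ["alice", "O'Brien", 'x" <b>bold</b>', "nobody' OR '1'='1"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT)")
    # Q1: with bound parameters every character is stored verbatim;
    # no character can corrupt the table.
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [(s,) for s in SAMPLES])
    return db

def lookup_concatenated(db, query):
    # Weak form: the input becomes part of the SQL text, so a quote
    # inside it ends the string literal and alters the statement.
    sql = "SELECT username FROM users WHERE username='" + query + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, query):
    # Q2: the input is passed separately from the SQL text and is only
    # ever compared as a value, whatever characters it contains.
    sql = "SELECT username FROM users WHERE username=?"
    return [row[0] for row in db.execute(sql, (query,))]

def render(username):
    # Escape on output, so stored markup is displayed rather than
    # interpreted by the browser.
    return "<td>" + html.escape(username, quote=True) + "</td>"

if __name__ == "__main__":
    db = make_db()
    tricky = SAMPLES[3]
    print("bound:       ", lookup_bound(db, tricky))
    print("concatenated:", lookup_concatenated(db, tricky))
    try:
        lookup_concatenated(db, SAMPLES[1])
    except sqlite3.OperationalError as exc:
        print("concatenated O'Brien fails:", exc)
    print(render(SAMPLES[2]))
```
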
