Results 1 to 3 of 3
  1. #1
    Join Date
    Nov 2003

    Unanswered: SQL security question


    I've two questions regarding SQL security in the context of web scripting.

    Q1: Are there any characters that can possibly damage or corrupt a table's data?

    My understanding is that there's no danger so any kinds of input can be inserted into a table. But when these characters are displayed on a web page, the characters need to be unescaped ( e.g. a double quote " becomes " ) or else they can mess up the page's display. Worse, malicious code can be injected to allow unauthorised viewing of files or access to the server's resources.

    Q2: When an input (QUERY) is used in a query e.g. (SELECT * FROM users WHERE username=QUERY), the input needs to be checked to ensure that no no malicious code is injected.

    Could anyone enlighten me on the above?

    Thanks in anticipation

  2. #2
    Join Date
    Jan 2007
    Provided Answers: 10
    Question 2 is not so much a question, more a statement of fact. So here's something for you to read on the subject.
    Home | Blog

  3. #3
    Join Date
    Nov 2007

    SQL injection

    Search for SQL injection on the web. there are some great movies on you tube about this
    Peak Consulting - Business Intelligence Experts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts