I guess if you're expecting an int, make sure it's an int before you go plugging it into a SQL statement.

Dim cId : cId = CLng(Request("CUSTOMER_ID"))

Also, I learned this trick from someone, when dealing with strings: replace all ' with '' or with some other character that isn't used as a string delimiter in SQL Server, like the `, so if someone tries to log in to a site using SQL injection, you've got them covered. You could also use the HTML &#XXX; equivalent of ' . Good article!
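The integer check described in the comment above, as an added example that is not part of the original comment: it validates CUSTOMER_ID strictly and passes both the number and string values as bound parameters, so a quote in a name is stored and matched as data. It is written in Python with an in-memory SQLite database so it runs stand-alone; the table, sample rows and function names are assumptions.

```python
import sqlite3


def parse_customer_id(raw):
    """Strict integer check in the spirit of CLng(Request("CUSTOMER_ID")).

    Accepts ASCII digits only (assumption: ids are positive and at most
    10 digits) and raises ValueError for anything else.
    """
    text = raw.strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 10:
        raise ValueError("CUSTOMER_ID must be a positive integer")
    return int(text)


def make_db():
    """Build a constructed sample table in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(1, "Alice"), (2, "O'Brien")])
    return db


def customer_by_id(db, raw_id):
    """Validate first, then bind the integer instead of concatenating it."""
    cid = parse_customer_id(raw_id)
    row = db.execute("SELECT name FROM customers WHERE id = ?", (cid,)).fetchone()
    return row[0] if row else None


def customer_by_name(db, name):
    """Bound string parameter: the driver handles quoting, no replace() needed."""
    row = db.execute("SELECT id FROM customers WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(customer_by_id(db, "2"))            # name with an apostrophe comes back intact
    print(customer_by_name(db, "O'Brien"))    # apostrophe is matched as data
    for bad in ("2 OR 1=1", "abc", ""):       # constructed non-integer inputs
        try:
            customer_by_id(db, bad)
        except ValueError as err:
            print(repr(bad), "rejected:", err)
```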