[thelist] SQL Update CORRECTION

Damien COLA damiencola at wanadoo.fr
Fri Jul 16 11:52:55 CDT 2004


That's what I've been thinking too, because it seems to me that all
examples of SQL injection have the ' character in them as well as the --
to comment out the rest of the legitimate query.

But I'd love confirmation.

-----Original Message-----
Question - If I went through each string before using it as a parameter
to search for quotes and either refused to run the SQL statement or
deleted the quotes first - would that solve the majority of SQL
injection attacks?

Jas
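As an added example (not from either poster), the quote-stripping idea from the question beside the bound-parameter form, run against a constructed in-memory SQLite table with assumed user rows. It shows two things a practitioner would check before relying on quote stripping: it silently corrupts legitimate data that contains a quote, and it does nothing for a numeric column where the value is never quoted in the first place; binding the value as a parameter (and type-checking numeric input) handles both.

```python
import sqlite3


def make_db():
    """Constructed sample table; the rows are assumed, not from the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "O'Brien"), (3, "carol")])
    return conn


def strip_quotes(value):
    """The mitigation proposed in the question: delete single quotes."""
    return value.replace("'", "")


def name_lookup_concat(conn, name):
    """String-built query with quote stripping; returns matching ids."""
    sql = "SELECT id FROM users WHERE name = '" + strip_quotes(name) + "'"
    return sorted(row[0] for row in conn.execute(sql))


def id_lookup_concat(conn, id_text):
    """Numeric column: the value is not quoted, so stripping quotes changes nothing."""
    sql = "SELECT id FROM users WHERE id = " + strip_quotes(id_text)
    return sorted(row[0] for row in conn.execute(sql))


def name_lookup_param(conn, name):
    """Bound parameter: the driver passes the value as data, never as SQL text."""
    rows = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def id_lookup_param(conn, id_text):
    """Type-check first, then bind; malformed input raises ValueError instead of running."""
    rows = conn.execute("SELECT id FROM users WHERE id = ?", (int(id_text),))
    return sorted(row[0] for row in rows)
```

Quote stripping turns the legitimate name O'Brien into OBrien and finds nothing, while the numeric lookup built by concatenation returns the whole table for non-numeric input; the parameterized versions return exactly the intended row or refuse the input.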