[thelist] SQL Update CORRECTION
Damien COLA
damiencola at wanadoo.fr
Fri Jul 16 11:52:55 CDT 2004
That's what I've been thinking too, because it seems to me that all
examples of SQL injection have the ' character in them as well as the --
to comment out the rest of the legitimate query.
But I'd love confirmation.
-----Original Message-----
Question - If I went through each string before using it as a parameter
to search for quotes and either refused to run the SQL statement or
deleted the quotes first - would that solve the majority of SQL
injection attacks?
Jas
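
Added example, not part of either message above: a comparison of the quote-deleting filter asked about in the thread with a bound-parameter UPDATE, run against an in-memory SQLite database. The table, column names, sample rows and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "Ann"), (2, "Bob"), (3, "Cy")])
    return db

def names(db):
    return [row[0] for row in db.execute("SELECT name FROM users ORDER BY id")]

def strip_quotes(value):
    # The filter proposed in the thread: delete quote characters.
    return value.replace("'", "").replace('"', "")

def update_filtered(db, user_id, name):
    # Filter, then build the statement by string concatenation.
    # The id is placed in a numeric (unquoted) position, as is common.
    sql = "UPDATE users SET name = '%s' WHERE id = %s" % (
        strip_quotes(name), strip_quotes(user_id))
    return db.execute(sql).rowcount

def update_bound(db, user_id, name):
    # Bound parameters: the values never become part of the SQL text.
    cur = db.execute("UPDATE users SET name = ? WHERE id = ?", (name, user_id))
    return cur.rowcount

if __name__ == "__main__":
    # 1) Legitimate data containing a quote is silently altered by the filter.
    db = make_db()
    update_filtered(db, "1", "O'Brien")
    print("filtered:", names(db))
    update_bound(db, "1", "O'Brien")
    print("bound:   ", names(db))

    # 2) A value with no quote in it still changes the WHERE clause when it
    #    is concatenated into a numeric position; binding treats it as data.
    quote_free = "2 OR 1=1"
    print("filtered rows touched:", update_filtered(make_db(), quote_free, "x"))
    print("bound rows touched:   ", update_bound(make_db(), quote_free, "x"))
```

The filter changes stored data and does nothing for values placed in an unquoted position, while the bound version needs no filtering at all.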