[thelist] Website Hacked?

Joel D Canfield joel at bizba6.com
Sat May 24 17:59:40 CDT 2008


> It's not a form hijack issue, it's anytime you use a querystring to pass
> data to an SQL state - even a SELECT!
> 
> e.g. view.asp?id=300

ugh. of course. I knew that. d'oh. obviously what's happening. (this is
the first database driven thingy I ever built, years and years ago,
using borrowed code I didn't fully understand at the time. it's *so*
time to rebuild from scratch, using what I now like to call 'the right
way' . . . )

thanks for the pointer, and reminders re: strong typing and, of course,
doin' it all server side.

joel
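
Added example, not part of the original message or the site's code: the `view.asp?id=300` pattern from the quoted text next to a server-side, strongly typed, parameterized version. Python with an in-memory SQLite database stands in for the ASP page here; the table, column and function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import parse_qs


def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(300, "Public post", 0), (301, "Unpublished draft", 1)],
    )
    return db


def view_concatenated(db, query_string):
    # The pattern from the quoted message: querystring text is pasted
    # straight into the SELECT, so the client controls the statement.
    raw = parse_qs(query_string)["id"][0]
    sql = "SELECT title FROM articles WHERE draft = 0 AND id = " + raw
    return [row[0] for row in db.execute(sql)]


def view_typed(db, query_string):
    # Server-side strong typing: exactly one id, ASCII digits only,
    # bounded length, converted to int before it goes near the database.
    values = parse_qs(query_string).get("id", [])
    if len(values) != 1:
        raise ValueError("exactly one id is required")
    text = values[0]
    if not (text.isascii() and text.isdigit() and len(text) <= 9):
        raise ValueError("id must be a positive integer")
    article_id = int(text)
    # Parameter binding: the value travels as data, never as SQL text.
    cur = db.execute(
        "SELECT title FROM articles WHERE draft = 0 AND id = ?", (article_id,)
    )
    return [row[0] for row in cur]
```

With the constructed query string `id=300%20OR%201%3D1`, the concatenated SELECT returns the draft row as well, while the typed version rejects the request before any SQL runs.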


