[thelist] Website Hacked?
Joel D Canfield
joel at bizba6.com
Sat May 24 17:59:40 CDT 2008
> It's not a form hijack issue, it's anytime you use a querystring to pass
> data to an SQL state - even a SELECT!
>
> e.g. view.asp?id=300
ugh. of course. I knew that. d'oh. obviously what's happening. (this is
the first database driven thingy I ever built, years and years ago,
using borrowed code I didn't fully understand at the time. it's *so*
time to rebuild from scratch, using what I now like to call 'the right
way' . . . )
thanks for the pointer, and reminders re: strong typing and, of course,
doin' it all server side.
joel
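
The querystring-to-SELECT problem from the quoted reply, next to the "strong typing, server side" fix, as an added example that is not code from this thread. Python with an in-memory SQLite table stands in for the ASP page and its database; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(300, "public page"), (301, "unpublished draft")])
    return db

def view_concatenated(db, raw_id):
    """The pattern from the quoted reply: querystring text pasted into a SELECT."""
    sql = "SELECT id, title FROM items WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def parse_id(raw_id):
    """Strong typing, server side: accept only a plain positive integer."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(raw_id)

def view_typed(db, raw_id):
    """Validate the type first, then bind the value as a query parameter."""
    item_id = parse_id(raw_id)
    return db.execute("SELECT id, title FROM items WHERE id = ?",
                      (item_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for raw in ("300", "300 OR 1=1"):  # constructed querystring values
        print(repr(raw), "concatenated ->", view_concatenated(db, raw))
        try:
            print(repr(raw), "typed        ->", view_typed(db, raw))
        except ValueError as exc:
            print(repr(raw), "typed        -> rejected:", exc)
```

With the concatenated query the second value changes the WHERE clause and returns every row; the typed version rejects it before any SQL runs.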