Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SQL Injection Keywords

  • 22-06-2009 5:14pm
    #1
    bigbadcon
    Registered Users Posts: 507 ✭✭✭


    Hi folks,

    Just wondering if anyone has a list of SQL Injection keywords that I could use to filter out of user input.

    Cant find anything decent on google..

    Im using SQL Server BTW...

    Cheers


Comments

  • #2
    Hydrosylator
    Closed Accounts Posts: 275 ✭✭Hydrosylator


    Well that depends on what language you're using, which one is it?
    I know SQL is independent of the language, but the functions that can be used aren't.

    Rather than filter every possible exploit, you should use a function like mysql_real_escape_string to stop sql injections.


  • #3
    bigbadcon
    Registered Users Posts: 507 ✭✭✭bigbadcon


    Not sure I understand what you mean?

    Im using asp.net(vb) to connect to a SQL Server 2005 database..


  • #4
    jmcc
    Registered Users, Registered Users 2 Posts: 7,452 ✭✭✭jmcc


    bigbadcon wrote: »
    Not sure I understand what you mean?

    Im using asp.net(vb) to connect to a SQL Server 2005 database..
    The standard procedure is to treat every input from the web as being toxic. This means that it is then filtered for various attempts at SQL injection by removing non-text charcters or other elements. I haven't used ASP for years but there should be some routines and procedures for doing this.

    Regards...jmcc


  • #5
    Hydrosylator
    Closed Accounts Posts: 275 ✭✭Hydrosylator


    Ah I see what you mean. Well I know feck all about asp.net but here's a page I found that should get you out of your current bind.

    How To: Protect From SQL Injection in ASP.NET


Advertisement