Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

SQL Injection Keywords

Options
  • 22-06-2009 5:14pm
    #1
    bigbadcon
    Registered Users Posts: 507 ✭✭✭


    Hi folks,

    Just wondering if anyone has a list of SQL Injection keywords that I could use to filter out of user input.

    Cant find anything decent on google..

    Im using SQL Server BTW...

    Cheers


Comments

  • Options
    #2
    Hydrosylator
    Closed Accounts Posts: 275 ✭✭Hydrosylator


    Well that depends on what language you're using, which one is it?
    I know SQL is independent of the language, but the functions that can be used aren't.

    Rather than filter every possible exploit, you should use a function like mysql_real_escape_string to stop sql injections.


  • Options
    #3
    bigbadcon
    Registered Users Posts: 507 ✭✭✭bigbadcon


    Not sure I understand what you mean?

    Im using asp.net(vb) to connect to a SQL Server 2005 database..


  • Options
    #4
    jmcc
    Registered Users Posts: 7,291 ✭✭✭jmcc


    bigbadcon wrote: »
    Not sure I understand what you mean?

    Im using asp.net(vb) to connect to a SQL Server 2005 database..
    The standard procedure is to treat every input from the web as being toxic. This means that it is then filtered for various attempts at SQL injection by removing non-text charcters or other elements. I haven't used ASP for years but there should be some routines and procedures for doing this.

    Regards...jmcc


  • Options
    #5
    Hydrosylator
    Closed Accounts Posts: 275 ✭✭Hydrosylator


    Ah I see what you mean. Well I know feck all about asp.net but here's a page I found that should get you out of your current bind.

    How To: Protect From SQL Injection in ASP.NET


Advertisement