SQL Injection Keywords

bigbadcon · 22-06-2009 05:14PM #1

Hi folks,

Just wondering if anyone has a list of SQL Injection keywords that I could use to filter out of user input.

Cant find anything decent on google..

Im using SQL Server BTW...

Cheers

Hydrosylator · 23-06-2009 09:46AM

Well that depends on what language you're using, which one is it?
I know SQL is independent of the language, but the functions that can be used aren't.

Rather than filter every possible exploit, you should use a function like mysql_real_escape_string to stop sql injections.

bigbadcon · 23-06-2009 11:01AM

Not sure I understand what you mean?

Im using asp.net(vb) to connect to a SQL Server 2005 database..

jmcc · 23-06-2009 11:13AM

bigbadcon wrote: »

Not sure I understand what you mean?

Im using asp.net(vb) to connect to a SQL Server 2005 database..

The standard procedure is to treat every input from the web as being toxic. This means that it is then filtered for various attempts at SQL injection by removing non-text charcters or other elements. I haven't used ASP for years but there should be some routines and procedures for doing this.

Regards...jmcc

Hydrosylator · 23-06-2009 05:50PM

Ah I see what you mean. Well I know feck all about asp.net but here's a page I found that should get you out of your current bind.

How To: Protect From SQL Injection in ASP.NET

SQL Injection Keywords

Comments