473,320 Members | 1,974 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Deleting table entries from MS Access db from just an entry via web form

Hi all,

I wondered if anyone knew if it was possible to delete entries in an MS
Access database table from just entering data into it?

I shall explain :

If you have a web form (in asp.net for example) where you can enter
details into the Access DB like "firstname", and "biography" etc, is it
possible to enter a certain string in this web form which could delete
entries in that table?

Many thanks.

Jan 23 '06 #1
4 1701
Yes ... it's called SQL Injection.

I've never been able to get it to work, but I understand it's possible.

Let's say you had a search form with a LastName field for users to
enter text for the search. The embedded SQL might look like this:

strSQL = "SELECT * FROM MyTable WHERE LastName ='" & _
Request("txtLastNameSearch") & "';"

If you enter "Smyth" as the last name, the SQL evaluates to this ...
SELECT * FROM MyTable WHERE LastName ='Smyth';

However, if someone enters this ... "(DELETE FROM MyTable)"
SELECT * FROM MyTable WHERE LastName ='(DELETE FROM MyTable)';

No, that doesn't work, does it. No, I can't get SQL Injection to work
against my embedded sql, but I understand it's possible. I'd love to see
a working example, but a search of Google on SQL Injection only
warned against it. Never did find a working example.
--

Danny J. Lesandrini
dl*********@hotmail.com
http://amazecreations.com/datafast
<st******@gmail.com> wrote ...
Hi all,

I wondered if anyone knew if it was possible to delete entries in an MS
Access database table from just entering data into it?

I shall explain :

If you have a web form (in asp.net for example) where you can enter
details into the Access DB like "firstname", and "biography" etc, is it
possible to enter a certain string in this web form which could delete
entries in that table?

Many thanks.

Jan 23 '06 #2
Thanks Danny, that is great.

Do you know a simple method of securing against such a type of attack
on an Access database please?

Thanks.

Jan 23 '06 #3
Do a search for SQL Injection at Google Groups on ASP groups and
they'll tell you to move to Stored Procs instead of embedded SQL.

http://groups.google.com/groups?as_q...=2006&safe=off

--

Danny J. Lesandrini
dl*********@hotmail.com
http://amazecreations.com/datafast
<st******@gmail.com> wrote ...
Thanks Danny, that is great.

Do you know a simple method of securing against such a type of attack
on an Access database please?

Thanks.

Jan 23 '06 #4
Thanks very much for your help.

Jan 23 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Nathan Bloom | last post by:
Hi, I have a data entry form (access 2000) that also allows the user to add, update, and delete records from the form. The Delete action is carried out in an event procedure and has the...
1
by: KC | last post by:
Hello, I am using Access 2002. WinXP, Template from MS called Orders Mgmt DB. I have tweaked this DB to work for our small co. It has worked pretty well up until I made the mistake of deleting...
8
by: kaosyeti | last post by:
i have a (hopefully) small problem. i have created a system where a user enters customer information into a table through a form. this table has no primary key. there are 9 fields on the form to...
5
by: Manish | last post by:
The topic is related to MySQL database. Suppose a table "address" contains the following records ------------------------------------------------------- | name | address | phone |...
21
by: Johan Tibell | last post by:
I would be grateful if someone had a minute or two to review my hash table implementation. It's not yet commented but hopefully it's short and idiomatic enough to be readable. Some of the code...
2
by: Mark | last post by:
I have a form with two sub forms. The form is set to data entry. The form is bound directly to a table I have two buttons at the bottom of the screen. One button is named reject and one is named...
3
by: 66sprite | last post by:
I am new to PHP and I am trying make a page that displays the entries in a table and then gives the option to delete a specific entry after checking it. I can get the page to display the entries and...
11
by: shriil | last post by:
Hi I have this database that calculates and stores the incentive amount earned by employees of a particular department. Each record is entered by entering the Date, Shift (morn, eve, or night)...
2
by: helraizer1 | last post by:
Hi folks, I have a file for my chatbox called data.line, which the posts are in the layout CHATBOXTEXT 7 username=helraizer 1202416953
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.