473,389 Members | 1,082 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,389 software developers and data experts.

Deleting table entries from MS Access db from just an entry via web form

Hi all,

I wondered if anyone knew if it was possible to delete entries in an MS
Access database table from just entering data into it?

I shall explain :

If you have a web form (in asp.net for example) where you can enter
details into the Access DB like "firstname", and "biography" etc, is it
possible to enter a certain string in this web form which could delete
entries in that table?

Many thanks.

Jan 23 '06 #1
4 1704
Yes ... it's called SQL Injection.

I've never been able to get it to work, but I understand it's possible.

Let's say you had a search form with a LastName field for users to
enter text for the search. The embedded SQL might look like this:

strSQL = "SELECT * FROM MyTable WHERE LastName ='" & _
Request("txtLastNameSearch") & "';"

If you enter "Smyth" as the last name, the SQL evaluates to this ...
SELECT * FROM MyTable WHERE LastName ='Smyth';

However, if someone enters this ... "(DELETE FROM MyTable)"
SELECT * FROM MyTable WHERE LastName ='(DELETE FROM MyTable)';

No, that doesn't work, does it. No, I can't get SQL Injection to work
against my embedded sql, but I understand it's possible. I'd love to see
a working example, but a search of Google on SQL Injection only
warned against it. Never did find a working example.
--

Danny J. Lesandrini
dl*********@hotmail.com
http://amazecreations.com/datafast
<st******@gmail.com> wrote ...
Hi all,

I wondered if anyone knew if it was possible to delete entries in an MS
Access database table from just entering data into it?

I shall explain :

If you have a web form (in asp.net for example) where you can enter
details into the Access DB like "firstname", and "biography" etc, is it
possible to enter a certain string in this web form which could delete
entries in that table?

Many thanks.

Jan 23 '06 #2
Thanks Danny, that is great.

Do you know a simple method of securing against such a type of attack
on an Access database please?

Thanks.

Jan 23 '06 #3
Do a search for SQL Injection at Google Groups on ASP groups and
they'll tell you to move to Stored Procs instead of embedded SQL.

http://groups.google.com/groups?as_q...=2006&safe=off

--

Danny J. Lesandrini
dl*********@hotmail.com
http://amazecreations.com/datafast
<st******@gmail.com> wrote ...
Thanks Danny, that is great.

Do you know a simple method of securing against such a type of attack
on an Access database please?

Thanks.

Jan 23 '06 #4
Thanks very much for your help.

Jan 23 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Nathan Bloom | last post by:
Hi, I have a data entry form (access 2000) that also allows the user to add, update, and delete records from the form. The Delete action is carried out in an event procedure and has the...
1
by: KC | last post by:
Hello, I am using Access 2002. WinXP, Template from MS called Orders Mgmt DB. I have tweaked this DB to work for our small co. It has worked pretty well up until I made the mistake of deleting...
8
by: kaosyeti | last post by:
i have a (hopefully) small problem. i have created a system where a user enters customer information into a table through a form. this table has no primary key. there are 9 fields on the form to...
5
by: Manish | last post by:
The topic is related to MySQL database. Suppose a table "address" contains the following records ------------------------------------------------------- | name | address | phone |...
21
by: Johan Tibell | last post by:
I would be grateful if someone had a minute or two to review my hash table implementation. It's not yet commented but hopefully it's short and idiomatic enough to be readable. Some of the code...
2
by: Mark | last post by:
I have a form with two sub forms. The form is set to data entry. The form is bound directly to a table I have two buttons at the bottom of the screen. One button is named reject and one is named...
3
by: 66sprite | last post by:
I am new to PHP and I am trying make a page that displays the entries in a table and then gives the option to delete a specific entry after checking it. I can get the page to display the entries and...
11
by: shriil | last post by:
Hi I have this database that calculates and stores the incentive amount earned by employees of a particular department. Each record is entered by entering the Date, Shift (morn, eve, or night)...
2
by: helraizer1 | last post by:
Hi folks, I have a file for my chatbox called data.line, which the posts are in the layout CHATBOXTEXT 7 username=helraizer 1202416953
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.