473,602 Members | 2,872 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

someone update my database

AA
hello to aal,

how its mossible to someone update may database, for now we have a database
and time to time, someone update a record, changing the information.

what can i do to avoid this?

thanks on advance
AMA
Feb 27 '06 #1
1 1441
AA wrote:
hello to aal,

how its mossible to someone update may database, for now we have a
database and time to time, someone update a record, changing the
information.

what can i do to avoid this?

Given the lack of information (database type and version? internet vs
intranet? etc.) all we can do is guess. Here is my guess, based on my
assumption that you are using an Access database:

1. Your use of dynamic sql has left your database exposed to attacks by
hackers using the sql injection technique
(http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf)
You can eliminate this threat by using parameters instead of dynamic sql

http://groups.google.com/groups?hl=e...tngp13.phx.gbl

http://groups.google.com/groups?hl=e...TNGP11.phx.gbl

http://www.google.com/groups?selm=eE...&output=gplain

http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl

Using Command object to pass values to parameter markers in a sql string:
http://groups-beta.google.com/group/...e36562fee7804e

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Feb 27 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
10548
by: Mark | last post by:
A beginner in this area, I have been able to read a record from a MySQL database and populate an HTML form (wow!). Now, my goal is to allow the user to edit the contents of the form and then update the record in MySQL. The problem is, as soon as the "Update" button (type="submit") is pressed, all of the data disappear from the form. How can that be prevented? Here is my code:
3
2025
by: Michael Lauzon | last post by:
This is not for a class, I have a group on SourceForge, this is what one of the Developers is asking; the more advanced you can make it right off all the better!: Can someone please create some MySQL to create the first table: the players table. It will need to include (as a minimum): - ID (unique)
2
5259
by: Niyazi | last post by:
Hi, I have not understand the problem. Before all the coding with few application everything worked perfectly. Now I am developing Cheque Writing application and when the cheque is clear the user have to open a form and entera date so we know in report that the desiered check has been cleared. It takes me while to wrtie. But when I try to update the datagrid changes via dataset to MS Access 2003 I get an error that simply says...
5
3327
by: Klemens | last post by:
I get SQL30090 reason 18 by trying to do an insert in a federated table and an update in a local table in one transaction Do I have to change some settings to get done or ist this not possible by definition? Thanks Klemens
7
2413
by: PC Datasheet | last post by:
Looking for suggestions ---- A database was designed for a national automobile inspection program. In it's simplest form, the database has two tables: TblOwner OwnerID <Year/Make/Model owned by owner, Owner name/address, etc) TblInspection InspectionID
8
2686
by: Zorpiedoman | last post by:
I keep getting a concurrency exception the second time I make a change and attempt to update a dataadapter. It appears this is by design, so there must be something I can do to avoid it. Example: I have a dataadapter that contains one table with one row. I change the value of the 'FisrtName' column in that row from Jack to John. I call ..update on the dataadapter it goes through fine. Now I change that same column in that same row...
2
1994
by: Extremest | last post by:
Here is the code I have so far. It connects to a db and grabs headers. It then sorts them into groups and then puts all the complete ones into another table. Problem I am having is that for some reason now it is not finding ones that are single posts. Here is an example of a header for a single. (Ask the Dust ) - "atd-ftc-repack.nfo" www.ctjes.com (1/1) (1/1) at the end means it is part 1 of a 1 part post. Any help would be...
2
3098
by: Miro | last post by:
I will ask the question first then fumble thru trying to explain myself so i dont waste too much of your time. Question / Statement - Every mdb table needs a PrimaryKey ( or maybe an index - i havnt tested the index yet ) so you can use an .UPDATE( dataTable ) on the data adapter. Otherwise you will get an exception error. Is this statement true? ---- Now me fumbling thru
3
3946
by: Michel Esber | last post by:
Hi all, DB2 V8 LUW FP 15 There is a table T (ID varchar (24), ABC timestamp). ID is PK. Our application needs to frequently update T with a new value for ABC. update T set ABC=? where ID = ?
0
7993
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8270
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
6730
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
5870
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5440
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
3901
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
3944
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2424
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1511
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.