473,699 Members | 2,086 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

someone update my database

AA
hello to aal,

how its mossible to someone update may database, for now we have a database
and time to time, someone update a record, changing the information.

what can i do to avoid this?

thanks on advance
AMA
Feb 27 '06 #1
1 1444
AA wrote:
hello to aal,

how its mossible to someone update may database, for now we have a
database and time to time, someone update a record, changing the
information.

what can i do to avoid this?

Given the lack of information (database type and version? internet vs
intranet? etc.) all we can do is guess. Here is my guess, based on my
assumption that you are using an Access database:

1. Your use of dynamic sql has left your database exposed to attacks by
hackers using the sql injection technique
(http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf)
You can eliminate this threat by using parameters instead of dynamic sql

http://groups.google.com/groups?hl=e...tngp13.phx.gbl

http://groups.google.com/groups?hl=e...TNGP11.phx.gbl

http://www.google.com/groups?selm=eE...&output=gplain

http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl

Using Command object to pass values to parameter markers in a sql string:
http://groups-beta.google.com/group/...e36562fee7804e

Bob Barrows

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Feb 27 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
10552
by: Mark | last post by:
A beginner in this area, I have been able to read a record from a MySQL database and populate an HTML form (wow!). Now, my goal is to allow the user to edit the contents of the form and then update the record in MySQL. The problem is, as soon as the "Update" button (type="submit") is pressed, all of the data disappear from the form. How can that be prevented? Here is my code:
3
2035
by: Michael Lauzon | last post by:
This is not for a class, I have a group on SourceForge, this is what one of the Developers is asking; the more advanced you can make it right off all the better!: Can someone please create some MySQL to create the first table: the players table. It will need to include (as a minimum): - ID (unique)
2
5264
by: Niyazi | last post by:
Hi, I have not understand the problem. Before all the coding with few application everything worked perfectly. Now I am developing Cheque Writing application and when the cheque is clear the user have to open a form and entera date so we know in report that the desiered check has been cleared. It takes me while to wrtie. But when I try to update the datagrid changes via dataset to MS Access 2003 I get an error that simply says...
5
3336
by: Klemens | last post by:
I get SQL30090 reason 18 by trying to do an insert in a federated table and an update in a local table in one transaction Do I have to change some settings to get done or ist this not possible by definition? Thanks Klemens
7
2422
by: PC Datasheet | last post by:
Looking for suggestions ---- A database was designed for a national automobile inspection program. In it's simplest form, the database has two tables: TblOwner OwnerID <Year/Make/Model owned by owner, Owner name/address, etc) TblInspection InspectionID
8
2695
by: Zorpiedoman | last post by:
I keep getting a concurrency exception the second time I make a change and attempt to update a dataadapter. It appears this is by design, so there must be something I can do to avoid it. Example: I have a dataadapter that contains one table with one row. I change the value of the 'FisrtName' column in that row from Jack to John. I call ..update on the dataadapter it goes through fine. Now I change that same column in that same row...
2
1999
by: Extremest | last post by:
Here is the code I have so far. It connects to a db and grabs headers. It then sorts them into groups and then puts all the complete ones into another table. Problem I am having is that for some reason now it is not finding ones that are single posts. Here is an example of a header for a single. (Ask the Dust ) - "atd-ftc-repack.nfo" www.ctjes.com (1/1) (1/1) at the end means it is part 1 of a 1 part post. Any help would be...
2
3106
by: Miro | last post by:
I will ask the question first then fumble thru trying to explain myself so i dont waste too much of your time. Question / Statement - Every mdb table needs a PrimaryKey ( or maybe an index - i havnt tested the index yet ) so you can use an .UPDATE( dataTable ) on the data adapter. Otherwise you will get an exception error. Is this statement true? ---- Now me fumbling thru
3
3960
by: Michel Esber | last post by:
Hi all, DB2 V8 LUW FP 15 There is a table T (ID varchar (24), ABC timestamp). ID is PK. Our application needs to frequently update T with a new value for ABC. update T set ABC=? where ID = ?
0
8697
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8621
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9184
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9042
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
7759
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5878
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4380
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4634
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3061
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.