AA wrote:
hello to aal,
how its mossible to someone update may database, for now we have a
database and time to time, someone update a record, changing the
information.
what can i do to avoid this?
Given the lack of information (database type and version? internet vs
intranet? etc.) all we can do is guess. Here is my guess, based on my
assumption that you are using an Access database:
1. Your use of dynamic sql has left your database exposed to attacks by
hackers using the sql injection technique
(
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23 http://www.nextgenss.com/papers/adva..._injection.pdf)
You can eliminate this threat by using parameters instead of dynamic sql
http://groups.google.com/groups?hl=e...tngp13.phx.gbl http://groups.google.com/groups?hl=e...TNGP11.phx.gbl http://www.google.com/groups?selm=eE...&output=gplain http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl
Using Command object to pass values to parameter markers in a sql string:
http://groups-beta.google.com/group/...e36562fee7804e
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.