SQL injection and parameterized stored procedures

Is SQL injection an issue with SP's?

tia
Jul 19 '05 #1
> Is SQL injection an issue with SP's?

As long as you replace ' with '' then you *should* be fine...

Some will argue that using a command object (which forces strong typing of
parameters, among other things) will protect you "better" but I don't
necessarily agree that it is one of the command object's strengths.

A
Jul 19 '05 #2
On Tue, 4 Nov 2003 16:53:22 -0800, "Stan Prosedur" <St**@Prosedur.com> wrote:
> Is SQL injection an issue with SP's?


Sure. Anytime a SP accepts a parameter and the parameter can be
entered as an injection routine, it's a factor. The normal SQL
injection fixes work as well, escaping single quotes, etc.

Jeff
Jul 19 '05 #3
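
Added example, not part of the original thread or any poster's code: the distinction the answers above turn on, in T-SQL. A procedure whose body is static SQL treats its parameter purely as data; one that concatenates the parameter into dynamic SQL is injectable however it is called, and binding the value through `sp_executesql` removes that. Table and procedure names are hypothetical.

```sql
-- Constructed schema; table and procedure names are hypothetical.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(50) NOT NULL
);
GO
-- 1) Static SQL: @LastName is only ever data, so quotes in it are harmless.
CREATE PROCEDURE dbo.FindCustomer_Static @LastName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT CustomerId, LastName FROM dbo.Customers WHERE LastName = @LastName;
END;
GO
-- 2) Vulnerable: the value is concatenated into the statement text, so the
--    procedure is injectable even when the caller passes a typed parameter.
CREATE PROCEDURE dbo.FindCustomer_Concat @LastName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(400);
    SET @sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
             + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);  -- a quote inside @LastName ends the string literal early
END;
GO
-- 3) Hardened dynamic SQL: the statement text is constant and the value is
--    bound as a parameter by sp_executesql, never spliced into the text.
CREATE PROCEDURE dbo.FindCustomer_Bound @LastName NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(400);
    SET @sql = N'SELECT CustomerId, LastName FROM dbo.Customers '
             + N'WHERE LastName = @p_LastName';
    EXEC sp_executesql @sql,
         N'@p_LastName NVARCHAR(50)',
         @p_LastName = @LastName;
END;
GO
-- Constructed input: an ordinary surname containing a single quote. In (1)
-- and (3) the quote stays data; in (2) it becomes part of the statement.
INSERT INTO dbo.Customers (LastName) VALUES (N'O''Brien');
GO
EXEC dbo.FindCustomer_Static @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Bound  @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Concat @LastName = N'O''Brien';
```

Run it in a scratch database from sqlcmd or SSMS; `GO` is the client's batch separator, not a T-SQL statement.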
Thanks to the both of you.

:-)
"Jeff Cochran" <jc*************@naplesgov.com> wrote in message news:3f****************@msnews.microsoft.com...
> On Tue, 4 Nov 2003 16:53:22 -0800, "Stan Prosedur" <St**@Prosedur.com> wrote:
>> Is SQL injection an issue with SP's?
>
> Sure. Anytime a SP accepts a parameter and the parameter can be
> entered as an injection routine, it's a factor. The normal SQL
> injection fixes work as well, escaping single quotes, etc.
>
> Jeff

Jul 19 '05 #4