
Concatenation is dropping a single quote

I've got some code that adds a single quote to any ad hoc queries that
appear to look like hacks. For instance, if somebody enters ' OR 1=1 --
then this code adds another single quote to the string to neutralize it.
The neutralized string becomes '' OR 1=1 --.

The problem is that when I try to concatenate this string into a SQL
insert statement, the extra single quote is lost. It disappears! The
hack can then get to the DB.

I tried using StringBuilder but it has the same effect.

Anybody ever heard of something like this?

~Paul

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #1
No. You should show some code for a meaningful answer.


Nov 18 '05 #2
Sure. Doubled single quotes are escaped (literal) single quotes in SQL.

--
HTH,
Kevin Spencer
.Net Developer
Microsoft MVP
Big things are made up
of lots of little things.


Nov 18 '05 #3
Yes.
That is the way it works.
You are escaping the single quote by doubling it up.
So instead of the 'OR 1=1 -- causing a SQL injection, it just gets added to
your data.
The value in the DB will still have a single quote because it was escaped by
the one you added.
--
Joe Fallon


Nov 18 '05 #4
Wow, damn, forgot about that! It's behaving.

I was expecting it to store both single quotes to the data store. NOT.

Now it is stored as data instead of an injection, but when I read it I
guess I have to escape the single quote once again to keep it from
injecting at read time.

Thanks.
~Paul

Nov 18 '05 #5
