473,324 Members | 1,646 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Preventing SQL Injection attacks

My site has come under attack from sql injections. I thought I had
things handled by replacing all single quotes with two single quotes,
aka

Replace(inputString, "'", "''")

Alas, clever hackers have still managed to find a way to drop columns
from some of my tables. Can anybody direct me towards a best practice
document on preventing these attacks?

Thank you thank you,

Kevin

Mar 2 '06 #1
4 1364

Kevin Audleman wrote:
My site has come under attack from sql injections. I thought I had
things handled by replacing all single quotes with two single quotes,
aka

Replace(inputString, "'", "''")

Alas, clever hackers have still managed to find a way to drop columns
from some of my tables. Can anybody direct me towards a best practice
document on preventing these attacks?

Thank you thank you,

Kevin


Mar 2 '06 #2
Thank you Jennifer =)

Mar 2 '06 #4
Kevin Audleman (au******@quasika.net) writes:
My site has come under attack from sql injections. I thought I had
things handled by replacing all single quotes with two single quotes,
aka

Replace(inputString, "'", "''")

Alas, clever hackers have still managed to find a way to drop columns
from some of my tables. Can anybody direct me towards a best practice
document on preventing these attacks?


Learn about using parameterised commands in whichever API you are using.

--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
Mar 3 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Martin Lucas-Smith | last post by:
Can anyone provide any suggestions/URLs for best-practice approaches to preventing SQL injection? There seems to be little on the web that I can find on this. Martin Lucas-Smith ...
2
by: freddy | last post by:
I would like to get more information on securing my windows apps from SQL injection attacks. There is so much stuff on web apps, but I can't find info on win apps. Can you help me
4
by: poppy | last post by:
I think a site I developed has been the victim of a sql injection attack.I know how to stop this happening in future but: Is there any way I can trace such an attack?
9
by: Darrel | last post by:
I'm learning a bit about the SWL injection issues and want to write a shared class that I can call from anywhere in my project to 'sanitize' any incoming text from textfields before sending to the...
5
by: TCORDON | last post by:
What is the best way to protect a site against it? Does anyone have a RegEx to help validate user input? TIA!
5
by: www.douglassdavis.com | last post by:
I have an idea for preventing sql injection attacks, however it would have to be implemented by the database vendor. Let me know if I am on the right track, this totally off base, or already...
10
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form...
29
by: sinbuzz | last post by:
Hi, I'm curious about the best way to avoid SQL Injection attacks against my web server. Currently I'm on IIS. I might be willing to switch to something like Apache but I'm not sure if SQL...
2
by: Jerry Winston | last post by:
We all know SQL injection attacks can easily get break SQL command strings concatenated with unsanitized user input fields: set commandObj = Server.CreateObject("ADODB.Connection") set rs =...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.