Webmaster Forum - Search Engine and Internet Marketing Forum

by **Purple Moogle** on Sat Aug 08, 2009 11:18 pm

Okay I'm replacing all apostrophes ' with double apostrophes '' (not quote marks, two apostrophe characters). This seems to prevent most of my attempts to insert any SQL fails.

Can anyone think of any way to insert SQL?

Powered by Yahoo Answers

by **Mehdi** on Mon Aug 17, 2009 11:33 pm

Remove NULL characters from input.

SQL NULLs are not the same as programming/scripting NULLs, and they may be put in to terminate a line by exception (overflow errors), allowing for the double dash ( e.g.: SQL single line comments) to be inserted, which in turn can allow for arbitrary code to follow...

Check this page: http://msdn.microsoft.com/en-us/library/ms161953.aspx . They explain it better than I can.

by **sirdice** on Wed Sep 09, 2009 11:47 pm

Yeah, loads. Quotes aren't the only thing you need to watch for.

by **Germann A** on Fri Sep 25, 2009 11:56 pm

http://www.google.co.uk/search?q=sql+injection+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

BTW: the driver on it's own is NOT susceptible to SQL injection, it is your code that passes generated SQL to the driver...

Webmaster Forum - Search Engine and Internet Marketing Forum

What sort of SQL injection attacks is the MS Access ODBC Driver susceptible to?

What sort of SQL injection attacks is the MS Access ODBC Driver susceptible to?

Re: What sort of SQL injection attacks is the MS Access ODBC Driver susceptible to?

Re: What sort of SQL injection attacks is the MS Access ODBC Driver susceptible to?

Re: What sort of SQL injection attacks is the MS Access ODBC Driver susceptible to?

Who is online