19 results found for EXACT PHRASE: ';drop table
hex encoded ';DROP TABLE Products' ---> <cfoutput>#isValid("url",
http://stackoverflow.com/question...0668/does-isvalid-protect-from-xss
username ';DROP TABLE users;-- Parameterized queries, on the other hand, ARE safe. They might look like PreparedStatement statement =
http://stackoverflow.com/question...what-do-sql-parameters-protect-you
';drop table test;'. Can you provide an example of how the second piece of code could be injected? I think you are a bit confused about how SQL Injection
http://stackoverflow.com/question...-procedure-safe-from-sql-injection
http://www.amk.ca/python/writing/DB-API.html Be careful when you simply append values of variables to your statements: Imagine a user naming himself ';DROP TABLE Users;' -- That's why you need
http://stackoverflow.com/question...riables-in-sql-statement-in-python
an attacker would insert this: ';DROP TABLE FOO; -- The statement would look like: SELECT * FROM Customers WHERE Customername = ''';DROP TABLE FOO;--'
http://stackoverflow.com/question...l-statements-vs-very-simple-method
prevent input like this from causing damage: ';DROP TABLE bar;-- Try putting that in your fuz variable (or don't, if you value your bar table). More subtle
http://stackoverflow.com/question...rameterized-sql-query-why-should-i
';DROP TABLE tblClient;-- Instead, use a parameterized query. That will fix your date issues and protect against sql injection attacks. Here's an example:
http://stackoverflow.com/question...e-format-from-textbox-ms-sql-query
AND addLine1 = ''' + @ApexLine1 + '''' is EVIL . Don't do it. Variables like @ApexLine1 could contain anything , even something like this: ';DROP TABLE
http://stackoverflow.com/question...adapter-query-configuration-wizard
TextBox1.Text & "')" NEVER substitute user input directly into a query like that! It's a major security hole. What if I enter ';DROP TABLE Student;-- into your
http://stackoverflow.com/question...o-list-data-in-ms-sql-using-vb-net
cfqueryparam for your values, and I hope you're sanitizing your input somehow so that arguments.strSelectAttributes can't contain something like ';drop table
http://stackoverflow.com/question...ide-sql-sanitization-in-coldfusion