Looking at this:
http://www.unixwiz.net/techtips/sql-injection.html
both the escape and hex methods should prevent it.
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL P
I'm sorry, but SQL injection sounds like porn for DBs.
--
Robert Garcia
Yes, this is why escaping is preferred. Also, Witango processor overhead on encode. A Java bean for escape would be preferred; I will probably write one in the next couple of weeks. One nice thing about a bean is I can use it in Witango, or in PHP if needed. But PHP has all those escape methods.
--
No, I have to do it separately, which is why I said like 6 statements are necessary with that one solution.
--
Robert Garcia
Many thanks.
A couple of very salient points that could allow me to use DirectDBMS
for my insert/updates with BLOBs. The hex/unhex is cool, but doubles
the packet size, so MySQL's max_allowed_packet needs to be considered.
Haven't had a need for mass inserts/updates with BLOBs, but I do
We try to use insert/update/delete actions whenever possible. But have at many times had to use directdbms.
One very good use of it is to prevent looping in Witango. For
instance, I have software connecting to a webservice, and I send XML
for Witango to insert many image categories. Usuall
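As an added example (not code from this thread, from Witango, or from MySQL), the two literal forms discussed above rendered from Python, with the packet-size effect on a constructed BLOB; it assumes MySQL's default backslash escaping (sql_mode without NO_BACKSLASH_ESCAPES), and max_allowed_packet is passed in rather than assumed:

```python
import binascii

# MySQL backslash-escaping rules for string literals. Assumption: the server
# is NOT running with sql_mode NO_BACKSLASH_ESCAPES; under that mode only the
# doubled-quote form is recognised and this table would be wrong.
_ESCAPES = {
    0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
    0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\",
}


def escape_literal(data: bytes) -> bytes:
    """Render bytes as a quoted MySQL string literal, escaping only the
    bytes that could terminate or alter the literal."""
    out = bytearray(b"'")
    for b in data:
        out += _ESCAPES.get(b, bytes((b,)))
    out += b"'"
    return bytes(out)


def hex_literal(data: bytes) -> bytes:
    """Render bytes as a MySQL hexadecimal literal X'...' (what a hex/UNHEX
    approach sends on the wire): every byte becomes two ASCII characters,
    so no byte of the value can ever close the literal."""
    return b"X'" + binascii.hexlify(data).upper() + b"'"


def overhead(data: bytes, method) -> int:
    """Extra bytes the literal adds over the raw value."""
    return len(method(data)) - len(data)


def fits_packet(data: bytes, method, max_allowed_packet: int) -> bool:
    """Would the literal built with `method` stay under max_allowed_packet?
    (Ignores the small fixed statement text around it.)"""
    return len(method(data)) < max_allowed_packet


# Constructed sample: a 256 KiB pseudo-binary BLOB covering every byte value.
SAMPLE_BLOB = bytes(range(256)) * 1024
```

The hex form roughly doubles what goes over the wire, while escaping grows only by the count of special bytes, which is the trade-off between packet size and escaping work the thread describes.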
Bill,
I was wondering about this recently also and found some interesting
tidbits. One is that at least in SQL Server, when you use an
insert/update action, the SQL is actually executed by Witango calling
one of the built-in stored procedures to execute the SQL passed to it by
Witango. So SQL
I've been trying to look for vulnerabilities by attacking my Witango
code a la
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
It looks like Witango's SQLENCODING is doing the trick.
I guess it's like magic_quotes() in PHP. There seems to be a lot of
controversy about magic-quote