Hello, are there any precautions against SQL Injection?
Example (http://de.wikipedia.org/wiki/SQL_Injection): User enters the value sql' ;GO EXEC cmdshell('format C') -- which leads to execution of statement SELECT url, title FROM myindex WHERE keyword LIKE '%sql' ;GO EXEC cmdshell('format C') --%' instead of SELECT url, title FROM myindex WHERE keyword LIKE '%sql%' Best regards, Markus Müller -- Markus Müller, Karlsruhe, www.mm65.de --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
