-
February 1st, 2004, 11:47 AM
#1
Junior Member
SQL question??
When I checked my site for SQL injection, I received a message:
error: [Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '`'.
What can I do now? I want to hack my site to protect it in the future.
Thanks
-
February 1st, 2004, 01:29 PM
#2
Senior Member
As far as I can figure out from your statement, there is some syntax error in the code where you have written SQL code.
Now is the moment, or NEVER!!!
-
February 1st, 2004, 01:33 PM
#3
A very good article about SQL injection can be found here.
And what should you do to protect your pages: IMHO it is very important to suppress the error messages produced by your database, or change them to something that will inform the user about an error but not tell him where exactly this error is. The other thing is to filter all unwanted chars that can be input by the user. In PHP you can use addslashes etc...
-
February 1st, 2004, 04:26 PM
#4
You don't need to know more about SQL injection... you need to know more about proper input validation so you can fix your site. You need to look up the characters you should be stripping out of your inputs to prevent this style of attack. You might also look at where your SQL lives, what it does, and whether it really needs to do it that way.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
February 4th, 2004, 01:16 PM
#5
Originally posted here by sun7dots
Other thing is to filter all unwanted chars that can be input by the user.
You need to look up the characters you should be stripping out of your inputs to prevent this style of attack,{...}
This is actually the wrong way to do it, as people tend to forget things or overlook stuff (the infamous "too many slashes syndrome"). You need to filter on the characters you want and drop everything else.
Oliver's Law:
Experience is something you don't get until just after you need it.
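The three pieces of advice in this thread (post #3: hide the database's error text and strip unwanted characters; post #4: validate input; post #5: allow only the characters you want and drop everything else) side by side, as an added example that is not part of the original thread or anyone's posted code. Assumptions: an in-memory SQLite table stands in for the poster's SQL Server database, the sample rows are constructed, the set of characters the blacklist strips is a hypothetical addslashes-style list, and `ID_RE` is an assumed shape for a valid id.

```python
import re
import sqlite3

# Constructed sample data, not from the thread. SQLite stands in for the
# SQL Server behind the poster's site: the concatenation mistake, the error it
# produces and the fixes look the same against either engine.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "root")])
    return conn


def by_id_concat(conn, user_id):
    # Vulnerable: the request parameter is pasted straight into the SQL text.
    # A lone quote yields a syntax error like the one quoted in post #1;
    # "2 OR 1=1" returns every row.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]


def by_id_blacklist(conn, user_id):
    # The "strip the bad characters" advice of posts #3 and #4, using a
    # hypothetical addslashes-style blacklist. It stops "2'" but not
    # "2 OR 1=1", which needs no quote at all in a numeric context.
    cleaned = re.sub(r"['\";]|--", "", user_id)
    sql = "SELECT name FROM users WHERE id = " + cleaned
    return [row[0] for row in conn.execute(sql)]


ID_RE = re.compile(r"^[0-9]{1,9}$")   # assumed shape of a valid id


def by_id_allowlist(conn, user_id):
    # Post #5's approach: accept only what a valid id looks like and reject
    # everything else. The value is then bound as a query parameter, so even
    # a mistake in the pattern could not turn it into SQL.
    if not ID_RE.match(user_id):
        raise ValueError("id must be 1-9 digits")
    cur = conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),))
    return [row[0] for row in cur]


def handle_request(conn, query_fn, user_id):
    # Post #3's other point: never echo the driver's message to the browser.
    # Returns (rows, text for the user, detail for the server log only).
    try:
        return query_fn(conn, user_id), "OK", ""
    except ValueError as exc:
        return [], "Invalid request.", "rejected id=%r: %s" % (user_id, exc)
    except sqlite3.Error as exc:
        return [], "An internal error occurred.", "db error for id=%r: %s" % (user_id, exc)


if __name__ == "__main__":
    db = make_db()
    print(by_id_concat(db, "2 OR 1=1"))           # every user: injection works
    print(by_id_blacklist(db, "2 OR 1=1"))        # still every user: blacklist missed it
    print(handle_request(db, by_id_concat, "'"))  # generic text out, detail logged
    print(handle_request(db, by_id_allowlist, "2 OR 1=1"))  # rejected before the DB
```

The allowlist function does two things on purpose: the pattern rejects anything that is not an id before the database is involved, and the parameter binding means the driver receives the value as data rather than as part of the statement, so the check does not have to be perfect to be safe. The generic error text from `handle_request` is what the poster's visitors should have seen instead of the ODBC driver's message.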