When I checked my site for SQL injection, I received a message:
error:[Microsoft][ODBCSQLServerDriver] [SQLServer]line1 incorrect syntax near '`'.
What can I do now? I want to hack my site to protect it in the future.
Thanks
As far as I can figure out from your statement...
there is some syntax error in the code where you have written SQL code.
A very good article about SQL injection can be found here.
And what should you do to protect your pages: IMHO it is very important to suppress the error messages produced by your database, or replace them with something that will inform the user about an error but doesn't tell him where exactly this error is. Other thing is to filter all unwanted chars that can be input by the user. In PHP you can use addslashes etc...
You don't need to know more about SQL injection... you need to know more about proper input validation so you can fix your site. You need to look up the characters you should be stripping out of your inputs to prevent this style of attack, you might also look at where your SQL lives, what it does, and does it really need to do it that way.
Quote:
Originally posted here by sun7dots
Other thing is to filter all unwanted chars that can be input by the user.
This is actually the wrong way to do it as people tend to forget things or overlook stuff (the infamous "too many slashes syndrome" ;) ).
Quote:
You need to look up the characters you should be stripping out of your inputs to prevent this style of attack,{...}
You need to filter on the characters you want and drop everything else.
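
The two pieces of advice in this thread (keep the database's error text away from the visitor, and accept only the characters you want) side by side with the pattern that produces the error in the first post; this is an added example, not code from any poster. It assumes Python with an in-memory SQLite table standing in for the site's database, all names and sample values are constructed, and the bound parameter in the hardened version goes one step beyond what the replies mention.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app.db")
# Allowlist: name the characters a user name may contain, reject the rest.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def make_db(with_table=True):
    """Constructed in-memory database standing in for the site's SQL Server."""
    db = sqlite3.connect(":memory:")
    if with_table:
        db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
        db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db

def lookup_unsafe(db, name):
    """'Before': input concatenated into the SQL text, driver error shown to the visitor."""
    try:
        sql = "SELECT email FROM users WHERE name = '" + name + "'"
        row = db.execute(sql).fetchone()
        return {"ok": True, "email": row[0] if row else None}
    except sqlite3.Error as exc:
        return {"ok": False, "error": str(exc)}  # leaks parser detail

def lookup_hardened(db, name):
    """'After': allowlist check, bound parameter, generic error with a log reference."""
    if not USERNAME_RE.fullmatch(name):
        return {"ok": False, "error": "Invalid user name."}
    try:
        row = db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchone()
        return {"ok": True, "email": row[0] if row else None}
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        log.exception("database error ref=%s", ref)  # full detail stays server-side
        return {"ok": False, "error": f"Internal error (reference {ref})."}

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "alice'"):  # constructed inputs; the second has a stray quote
        print(repr(value), lookup_unsafe(db, value), lookup_hardened(db, value))
    print(lookup_hardened(make_db(with_table=False), "alice"))
```

The last call runs against a database with no `users` table to show that even an unexpected database failure reaches the visitor only as a reference number, while the full error goes to the server log.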