Results 1 to 4 of 4

Thread: SQL injection

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

March 1st, 2002, 03:05 PM #1
Surreal

View Profile

View Forum Posts

Visit Homepage
Member

Join Date

Jul 2001

Posts

56
SQL injection

With respect to SQL strings:

Why is it not suffitient enough to replace an apostrophe ' with a quotation mark " ? Where ever I read about this, it is said that one apostrophe has to replaced with two. I understand all about string beginings and endings, but if one apostrophe is replaced by a quotation mark, whay can it be abused?

Thanks so much.
Reply With Quote

Quick Navigation Programming Security Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: SQL injection

Thread Tools

Display

Threaded View

SQL injection

Posting Permissions