The only way to fix SQL Injection vulnerabilities is to fix the code. Basically use Parameterised Queries/Prepared statements instead of inline SQL, and you'll be immune.
For Classic ASP - use ADO Command + Parameter objects
For ASP.NET use SqlCommand+Parameter objects or OleDbCommand+Parameter objects (or you can even use inline SQL with ? parameters that you fill in using parameter objects).

Cheers
Ken

From: Vue, Za [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 23 July 2008 12:48 AM
To: NT System Admin Issues
Subject: SQL Injection

Damn, I have a SQL 2000 database that has been hit by SQL Injection. Not a code person so anyone know how to fix this? I restored the database and everything is running again.

-Za
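Added example, not part of the original thread: the difference between inline SQL and a query with `?` parameters, run against the same inputs. It uses Python's `sqlite3` as a stand-in for the ADO/ADO.NET parameter objects named in the reply; the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn

def find_inline(conn, name):
    """Inline SQL: the input is pasted into the statement text (the pattern to remove)."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_parameterised(conn, name):
    """Parameterised: the statement text is fixed and the input travels as a bound value."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name):
    """Run both forms on the same input; return rows, or the error class raised."""
    conn = make_db()
    try:
        inline = find_inline(conn, name)
    except sqlite3.Error as exc:
        inline = "error: " + type(exc).__name__
    return inline, find_parameterised(conn, name)

if __name__ == "__main__":
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and a value whose quote changes the meaning of the inline statement.
    for value in ["bob", "o'brien", "x' OR '1'='1"]:
        print(repr(value), compare(value))
```

The inline form breaks on a legitimate name containing a quote and returns every row for the third input, while the parameterised form returns only exact matches in all three cases.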