On Thu, May 28, 2015 at 5:08 PM, < [email protected]> wrote:
> Oh yes, I recall that lengthy discussion. Some swore their method was
> bulletproof. I opted for the ?pcVariable approach for parameters in SQL
> statement. Seemed safest and easiest to implement.
> ------------

What is the code to terminate a line in your RDBMS? In SqlServer ; and then Go do that. I remember you using MySQL in the past and am not sure what that syntax is.

Why don't you make a test table in the database and see if you can drop it with a properly scripted input masquerading as a ?param from VFP. I don't see anything stopping you from dropping that table if you do it properly.

Read an easy intro to this here <http://en.wikipedia.org/wiki/SQL_injection>

If all you see is non-VFP code and don't think you are vulnerable, go down to the Examples section to see just a few of the "problems" SQL injection can do.

--
Stephen Russell
Sr. Analyst
Ring Container Technology
Oakland TN

901.246-0159 cell
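
The test-table check proposed in the message above, written out as an added example that is not part of the original post. Assumptions: Python's sqlite3 stands in for the poster's RDBMS, its `?` placeholder stands in for the VFP ?pcVariable parameter, and the table name `test_inj` and the input string are constructed for the test.

```python
import sqlite3

# Constructed input: tries to close the string literal and append a statement.
HOSTILE = "x'; DROP TABLE test_inj; --"

def new_db():
    """Fresh in-memory database holding the throwaway test table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test_inj (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO test_inj (name) VALUES ('alice')")
    conn.commit()
    return conn

def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master "
        "WHERE type = 'table' AND name = 'test_inj'"
    ).fetchone()
    return row[0] == 1

def bound_lookup(conn, value):
    # The value is sent separately from the SQL text and is never parsed as SQL.
    return conn.execute(
        "SELECT id FROM test_inj WHERE name = ?", (value,)
    ).fetchall()

def concatenated_lookup(conn, value):
    # Deliberately unsafe comparison case: the value becomes part of the SQL
    # text. executescript() models a driver that accepts statement batches.
    conn.executescript("SELECT id FROM test_inj WHERE name = '" + value + "';")

def run_test():
    results = {}
    conn = new_db()
    results["bound_rows"] = bound_lookup(conn, HOSTILE)
    results["bound_table_survives"] = table_exists(conn)
    # The same string can be stored and matched as ordinary data.
    conn.execute("INSERT INTO test_inj (name) VALUES (?)", (HOSTILE,))
    results["stored_verbatim"] = bound_lookup(conn, HOSTILE) == [(2,)]
    conn.close()

    conn = new_db()
    concatenated_lookup(conn, HOSTILE)
    results["concat_table_survives"] = table_exists(conn)
    conn.close()
    return results

if __name__ == "__main__":
    print(run_test())
```

Behaviour on another backend depends on its driver, so the same two-sided check is worth repeating against a scratch database on the actual stack.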

