On Fri, Jun 24, 2011 at 10:52 PM, Ken Dibble <[email protected]> wrote:
>
>>  Granted, VFP program
>>design is 95% prone to SQL injection.  You combine text to form the
>>command and you execute that generated statement.  Poof, SQL injection
>>is going to be difficult to stop.
>
> I'm obviously completely ignorant about this because I do not understand
> this "SQL Injection" issue.
>
> In order to execute code that modifies a table you have to have a valid
> EXECUTABLE statement, right?
>
> So something like "DROP TABLE" would be a bad thing. What I don't
> understand is how any sane person would design a query interface that
> results in a statement like "DROP TABLE" being *executed*.
----------------------

<http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/>




-- 
Stephen Russell

Unified Health Services
60 Germantown Court
Suite 220
Cordova, TN 38018

Telephone: 888.510.2667

901.246-0159 cell

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
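
The mechanism described in the quoted messages above, as an added example that is not part of the original thread: the program only ever intends to delete one customer, but input containing a quote character changes which statement the combined text becomes. Python's sqlite3 module stands in for the VFP code and its backend; the table, function names and input value are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Alice",), ("Bob",), ("Carol",)])
    return db

def delete_by_name_concat(db, name):
    # Pattern from the quoted message: text is combined to form the command,
    # so quote characters in `name` become part of the SQL syntax.
    sql = "DELETE FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).rowcount

def delete_by_name_param(db, name):
    # The value is bound separately from the statement text and is only
    # ever compared as data, whatever characters it contains.
    return db.execute("DELETE FROM customers WHERE name = ?", (name,)).rowcount

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM customers").fetchone()[0]

# Constructed input: a "name" that closes the string literal and appends
# a condition that is true for every row.
CRAFTED = "nobody' OR '1'='1"

def demo():
    # Run the same input through both versions against a fresh database
    # and report (rows deleted, rows remaining) for each.
    results = {}
    for label, fn in (("concat", delete_by_name_concat),
                      ("param", delete_by_name_param)):
        db = make_db()
        deleted = fn(db, CRAFTED)
        results[label] = (deleted, remaining(db))
    return results

if __name__ == "__main__":
    print(demo())
```

With concatenation the statement that runs is `DELETE FROM customers WHERE name = 'nobody' OR '1'='1'`, which matches every row; with the bound parameter no customer has that literal name, so nothing is deleted.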
