Well, I'm going to stop now - it seems you just don't want to see the
obvious. The idea is if you use data entered by user in your SQL strings,
something bad will happen. Fortunately, VFP doesn't allow multiple commands
per line, and that prohibits dropping the tables or deleting the records,
but as soon as you get out of the VFP environment, I wish you good luck.

Unbelievable. There are TONS of books saying "sanitize your input strings"
and "use parameters for sql queries" and you're giving me this shit. WTF.

I guess some people just want to learn it the hard way.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Ken Dibble
Sent: Saturday, June 25, 2011 8:35 PM
To: [email protected]
Subject: RE: [NF] Questions on migrating VFP app

In VFP, the error is "Command contains unrecognized phrase/keyword"

>And THAT is sql injection. It crashes your application.

I guess. It doesn't crash the server, just the data-entry front-end. And it
wouldn't have to do that if I wrapped it in a TRY... CATCH and just returned
"Invalid Entry" when it happened.

So it only crashes one desktop app--what good does that do anybody?

I think you're stretching here. *LOL*

Ken
www.stic-cil.org



_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: 
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
