Security and SQL

2000-11-13 Thread Kevin Schmidt
I pass a few values through URL variable that I use in where clauses in my SQL. I want to prevent someone from passing malicious SQL through that value. What are my options?? Kevin Schmidt Internet Services Director PWB Integrated Marketing and Communications Office: 734.995.5000 Mobile:

Re: Security and SQL

2000-11-13 Thread Gregory Harris
Message - From: "Kevin Schmidt" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Monday, November 13, 2000 10:41 AM Subject: Security and SQL I pass a few values through URL variable that I use in where clauses in my SQL. I want to prevent someone from passing m

Re: Security and SQL

2000-11-13 Thread Todd Ashworth
If your values are always numbers, always use the Val() function. It returns the number if it is a number and returns a 0 if anything else. Otherwise, make sure you put single quotes around the variable. There are many other things you can do, but those 2 will take care of a lot of the basic

Re: Security and SQL

2000-11-13 Thread Justin Scott
TECTED] Sent: Monday, November 13, 2000 10:41 AM Subject: Security and SQL I pass a few values through URL variable that I use in where clauses in my SQL. I want to prevent someone from passing malicious SQL through that value. What are my options?? Kevin Schmidt Internet Services Director PWB

Re: Security and SQL

2000-11-13 Thread Nathan Stanford
You can also convert your URL LINK to FORM LINKS, then you can test in the receiving page to see that the #http_referer# is coming from the Page you want it to. This is a start. Nathan www.cftipsplus.com -- Original Message -- From: "Kevin Schmidt"