Re: a sql injection attempt

2012-02-14 Thread Gary Smith
On 13/02/2012 22:09, Haluk Karamete wrote:
> Gary, you've mentioned that the user would have had access to the sysobjects

No, there's a difference. *If* they had access to sysobjects then it could've caused issues. Ideally, you should have some level of segregation within your database. That

Re: a sql injection attempt

2012-02-13 Thread Haluk Karamete
Gary, you've mentioned that the user would have had access to the sysobjects. Let's assume he did. The page where this attempt occurred is hard-wired to display a single record in detail view. In the code, I have a bunch of echo $row- wrote:
> On 13/02/2012 21:48, Haluk Karamete wrote:
>>
>> My l

Re: a sql injection attempt

2012-02-13 Thread Haluk Karamete
Sorry, I overlooked that this IS a MySQL mailing list and we are running MS-SQL in this particular case. Good catch... I'd appreciate any insight though.

On Mon, Feb 13, 2012 at 1:56 PM, Gary Smith wrote:
> On 13/02/2012 21:48, Haluk Karamete wrote:
>>
>> My logs show that we have tried with a

Re: a sql injection attempt

2012-02-13 Thread Gary Smith
On 13/02/2012 21:48, Haluk Karamete wrote:
> My logs show that we have tried with a SQL Injection attempt, but our engine has detected and avoided it but I am just curious, what are these SQL statements intending to achieve?
>
> SELECT * FROM lecturer WHERE recID='25 ' and exists (select * fro