Newsgroup: c.d.o.server

Re: Any suggestions ?

From: Anurag Varma <anuragvidya_at_gmail.com>
Date: 14 Jan 2005 14:02:32 -0800
Message-ID: <1105740152.889862.255770@c13g2000cwb.googlegroups.com>

  1. It appears that you are opening your app to a SQL injection attack.
  2. A single quote in any of the fields would result in the above error, essentially turning your SQL into something like this: select * from cottages, pricebands where location = 'D'angelo st' ...... (i.e. unescaped single quote). Use bind variables .. for performance .. and security!

Anurag

Received on Fri Jan 14 2005 - 16:02:32 CST
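The failure the reply describes, as an added example that is not part of the original post or the poster's application. The table and column names are assumed from the fragment quoted above (cottages, pricebands, location), the data is constructed, and sqlite3 stands in for Oracle because it runs in-process; the named-bind syntax (:location) has the same shape as an Oracle bind variable.

```python
import sqlite3


def build_db():
    """Constructed sample tables standing in for the poster's cottages/pricebands.

    sqlite3 is an assumption used as a stand-in for Oracle so the example runs offline.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cottages (id INTEGER, location TEXT, priceband TEXT)")
    conn.execute("CREATE TABLE pricebands (band TEXT, weekly_rate INTEGER)")
    conn.executemany(
        "INSERT INTO cottages VALUES (?, ?, ?)",
        [(1, "D'angelo st", "A"), (2, "Harbour rd", "B")],
    )
    conn.executemany(
        "INSERT INTO pricebands VALUES (?, ?)", [("A", 500), ("B", 350)]
    )
    return conn


def query_concatenated(conn, location):
    """The pattern the reply warns about: the field value is pasted into the SQL text.

    A single quote in `location` closes the literal early, so the statement no longer
    parses, and any text after the quote is interpreted as SQL rather than as data.
    """
    sql = (
        "SELECT cottages.location, pricebands.weekly_rate FROM cottages, pricebands "
        "WHERE location = '" + location + "' AND cottages.priceband = pricebands.band"
    )
    return conn.execute(sql).fetchall()


def query_bound(conn, location):
    """Same query with a bind variable: the value is passed alongside the SQL text,
    never spliced into it, so a quote in the value is just a character to match."""
    sql = (
        "SELECT cottages.location, pricebands.weekly_rate FROM cottages, pricebands "
        "WHERE location = :location AND cottages.priceband = pricebands.band"
    )
    return conn.execute(sql, {"location": location}).fetchall()


def concat_fails_on_quote(conn, location):
    """True if the concatenated form raises the parse error a stray quote causes."""
    try:
        query_concatenated(conn, location)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("concatenated, quote in value ->",
          "SQL error" if concat_fails_on_quote(db, "D'angelo st") else "ok")
    print("bound, quote in value ->", query_bound(db, "D'angelo st"))
```

Running it shows the concatenated query erroring on "D'angelo st" while the bound query returns the row; with the bind variable the database also reuses the parsed statement across different values, which is the performance point the reply makes.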