Brian's later post about Stored Procs is one answer, or simply use
parameter markers in the SQL statement and prepare it. And yes,
scrubbing the input data is also helpful.

I know there are reverse proxy servers out there that also scrub the
data returned on a form based on what was sent out. That is, if you send
out a form with a drop-down with values 'Red', 'Green' and 'Blue' the
proxy will detect and reject a post where the drop-down has a value of
'Purple'.

-Walden

------------
Walden H Leverich III
Tech Software
(516) 627-3800 x3051
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
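
The two controls mentioned in the message above, parameter markers and rejecting a drop-down value that was never sent out, shown together as an added example that is not part of the original post. It uses Python's sqlite3 in place of the poster's database; the table, column and function names and the sample rows are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, color TEXT)")
    conn.executemany(
        "INSERT INTO items (name, color) VALUES (?, ?)",
        [("widget", "Red"), ("gadget", "Green"), ("gizmo", "Blue")],
    )
    return conn

# The option values that were sent out in the form's drop-down.
SENT_OPTIONS = frozenset({"Red", "Green", "Blue"})

def check_posted_color(posted):
    """Reject any value that was not one of the options sent out."""
    if posted not in SENT_OPTIONS:
        raise ValueError("value was not offered on the form: %r" % (posted,))
    return posted

def find_by_color_unsafe(conn, color):
    # 'Before' form: the input is concatenated into the statement text,
    # so quote characters in it change the statement itself.
    sql = "SELECT name FROM items WHERE color = '" + color + "'"
    return [row[0] for row in conn.execute(sql)]

def find_by_color(conn, color):
    # Parameter marker: the statement text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT name FROM items WHERE color = ?"
    return [row[0] for row in conn.execute(sql, (color,))]

def handle_post(conn, posted):
    # Allowlist check first, then the parameterized statement.
    return find_by_color(conn, check_posted_color(posted))

if __name__ == "__main__":
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print(find_by_color_unsafe(conn, hostile))  # concatenated: every row matches
    print(find_by_color(conn, hostile))         # bound: no row has that color
    print(handle_post(conn, "Green"))
```

The allowlist check and the parameter marker are independent layers: the first rejects 'Purple' before any SQL runs, the second keeps the statement fixed even if a value slips past the first.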

