Are SQL injection attacks
really a big issue using CGIDEV2?

The "language" used has nothing to do with the issue of SQL Injection.
If you're concatenating values from your website into a string to send
to the sql engine (DB2, Oracle, SQLServer, MySQL, etc.) it's an issue.


Ahh.. now I see. building the SQL string in your website and sending it to
the server. Not a good idea. I never do that. I send each variable
separately, validate, then build my dynamic SQL statement.

Brad


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.