Avoiding SQL injection without parameters

Very important

To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
You will only see chat messages from people who are at or below your level.
More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

Pages (3): « Previous 1 2 3

Thread Rating:

519 Vote(s) - 3.5 Average
1
2
3
4
5

Options

Avoiding SQL injection without parameters

gamely275356

Valued member

Posts: 0
Threads: 0
Joined: Dec 2020
Reputation: 0

Level: inf [ Level

]
Total Points: inf
Rank nan / 1
100% to upload Level

Activity inf / 1
99% to upload your Rank

Experience nan
100% to upload Experience

Points: 50

#21

07-23-2023, 07:48 AM

I did not see any other answsers address this side of the 'why doing it yourself is bad', but consider a [SQL Truncation attack][1].

There is also the <code>[QUOTENAME][2]</code> T-SQL function that can be helpful if you can't convince them to use params. It catches a lot (all?) of the escaped qoute concerns.

[1]:

[To see links please register here]

[2]:

[To see links please register here]

« Next Oldest

Next Newest »

Pages (3): « Previous 1 2 3

Forum Jump:

Users browsing this thread:

2 Guest(s)