Secure Insert Statement

admin

Administrator
Staff member
Hello,

I've been developing data-driven sites for about 3 years now, yet within a controlled corporate environment. The threat of someone writing an SQL statement within one of my text boxes has been very low. Over the years I've seen and had a few discussions with my peers in respect to protecting the database from someone with enough knowledge about HTTP and SQL to write an SQL statement that will drop my database within one of my text boxes. BAM and I'm down in the water! I have since then created a few data-driven sites on the Internet and every once in a while I think about someone dropping my site with this technique. In theory, all I have to do is parse for a few of the special programming characters and replace them with the ASCII equivalent...so I believe.

SO MY QUESTION:
Does anyone know where there is a good online tutorial in any language that addresses this issue? I would prefer the PHP3 version so I know the methods I can work with, but any language would do since I'm able to identify similar methods across programming languages.....Hail the method makers!

Mike
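
Added example, not part of the original post: an INSERT built by pasting text-box values into the SQL string, beside the same INSERT with bound parameters, run against an in-memory SQLite database. The `comments` table, the function names, the sample input and the use of Python's `sqlite3` module (instead of PHP3) are assumptions made for illustration.

```python
import sqlite3

# Constructed sample input: the kind of text-box value the post worries about.
HOSTILE = "x'); DROP TABLE comments; --"

def make_db():
    """Fresh in-memory database with a hypothetical comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def insert_concat(db, author, body):
    """Before: form values become part of the SQL text itself."""
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s');" % (author, body)
    db.executescript(sql)  # runs every statement found in the string

def insert_param(db, author, body):
    """After: the SQL text is fixed; values travel as bound parameters."""
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    db.commit()

def table_exists(db):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='comments'"
    ).fetchone()
    return row[0] == 1

def demo():
    """Feed the same hostile value to both inserts and report what happened."""
    results = {}

    safe = make_db()
    insert_param(safe, "O'Brien", HOSTILE)  # apostrophes need no special handling
    results["param_row"] = safe.execute("SELECT author, body FROM comments").fetchone()
    results["param_table_intact"] = table_exists(safe)

    unsafe = make_db()
    insert_concat(unsafe, "mike", HOSTILE)  # the value closes the INSERT and adds a DROP
    results["concat_table_intact"] = table_exists(unsafe)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With bound parameters the database driver never parses the submitted value as SQL, so no character replacement is needed and legitimate input such as `O'Brien` is stored unchanged.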
 