VC++ / MFC / C++

Results 1 to 15 of 16

Thread: SQL injection

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

Previous Post

Next Post

April 27th, 2008, 08:33 PM #1
johnsonlim026

View Profile

View Forum Posts

Member
Join Date

Jul 2006

Posts

141
SQL injection

Hi Experts,
My system is now having a serious problem that is SQL injection.Almost all the insert or update sql are written in this way:

Insert into tableName(field1, field2, field2) values('"& value1 &"','"& value2 &"','"& value3 &"')

I have founded out two solutions for this
(1). Add ' when ' is found.
Example :
Insert into tableName(field1, field2, field2) values('"& replace(value1,"'","''") &"','"& replace(value2,"'","''") &"','"& replace(value2,"'","''") &"')

(2).Use parameter
Example : dbconn.MyCommand.CommandText = "select id from tpuser.userid where id=?id "
dbconn.MyCommand.Parameters.Add("?id", Me.txtUserID.Text)
dbconn.MyCommand.Parameters.Add("?pwd", Me.txtPwd.Text)

I am now in the way of implementing the second solution into my system.I am thinking a fastest way to solve this but have no idea to do this.
Does anyone has any idea in this?Is it possible to set up a global function to be used for the whole system?
Thank you.

Reply With Quote

Quick Navigation Database Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Click Here to Expand Forum to Full Width

Featured

The Best Reasons to Target Windows 8

* Porting from Android to Windows 8: The Real Story
Do you have an Android application? How hard would it really be to port to Windows 8?
* Guide to Porting Android Applications to Windows 8
If you've already built for Android, learn what do you really need to know to port your application to Windows Phone 8.
* HTML5 Development Center
Our portal for articles, videos, and news on HTML5, CSS3, and JavaScript
* Windows App Gallery
See the Windows 8.x apps we've spotlighted or submit your own app to the gallery!

Terms and Conditions | About Us | Privacy Notice | Contact Us | Advertise | Sitemap| California - Do Not Sell My Info

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

All times are GMT -5. The time now is 04:21 AM.

Copyright TechnologyAdvice