SQL Injection detection

GMartin

Besides parameterizing SQL or using Stored Procedures, is there any
reliable way to test if a string has an SQL Injection attack? For
example, can one use the same method ADO uses when examining
parameters to detect SQL Injection?
 
Cowboy (Gregory A. Beamer)

You can run regex, but you have to be careful about the things you are
looking for. Generally things like:

' or userName is not null --

You can find the patterns, but what if the pattern is legal in a string? You
then throw out things that are valid. Better to parameterize.
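
The trade-off described in the answer above, as an added example that is not part of the original thread: a blacklist regex flags legitimate values, while a parameterized query handles both the legitimate values and the quoted string safely. Python's sqlite3 stands in for ADO parameters here; the regex, table and sample rows are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical blacklist of the kind a regex check would use (constructed).
SUSPICIOUS = re.compile(r"'|--|\bor\b|\bis\s+not\s+null\b", re.IGNORECASE)

# Constructed sample inputs; the last one is the string quoted in the answer.
SAMPLES = ["alice", "O'Brien", "Portland, OR", "' or userName is not null --"]


def looks_like_injection(value):
    """Return True when the blacklist regex matches anywhere in value."""
    return SUSPICIOUS.search(value) is not None


def make_db():
    """Build an in-memory table with three constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userName TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    return conn


def find_user_concat(conn, name):
    """Vulnerable: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT userName FROM users WHERE userName = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_param(conn, name):
    """Hardened: the placeholder binds the input as a value, never as SQL."""
    sql = "SELECT userName FROM users WHERE userName = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    for s in SAMPLES:
        print(repr(s), "flagged:", looks_like_injection(s),
              "param rows:", find_user_param(db, s))
    print("concat rows:", find_user_concat(db, SAMPLES[-1]))
```

The regex rejects the valid name O'Brien and the valid value "Portland, OR", yet the parameterized lookup finds O'Brien correctly and returns no rows for the quoted string.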