MattB
I have a name lookup form that passes the contents of two text boxes to
a SQL query. I've noticed that someone can substitute % for letters and
wildcard the query. I know I could just disallow that character, but is
there a commonly accepted way to stop all of these kinds of attacks?
I see ASP.NET automatically disallows characters like "<>" but not %.
What else should I be on the lookout for? Thanks!
Matt
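The behaviour Matt describes is a LIKE-pattern injection: the text box contents end up inside a LIKE pattern, so % (and _, which matches any single character) act as wildcards. The example below is added here and is not the poster's code; it uses Python with an in-memory SQLite database instead of ASP.NET and SQL Server so it runs stand-alone, and the names in it are constructed. It shows the concatenated query the post describes beside a hardened version that (a) passes the pattern as a bound parameter, which stops SQL injection proper, and (b) escapes the LIKE metacharacters with an ESCAPE clause, which stops the wildcard trick. On SQL Server the LIKE operator additionally treats [ as the start of a character class, so a T-SQL version would also escape [ (the standard ESCAPE clause works there too).

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
NAMES = [
    ("Matt", "Brown"),
    ("Mary", "Baker"),
    ("Alice", "Smith"),
    ("Bob", "Jones"),
]


def make_db():
    """Build a throwaway in-memory database with a people table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (first TEXT, last TEXT)")
    conn.executemany("INSERT INTO people VALUES (?, ?)", NAMES)
    return conn


def lookup_vulnerable(conn, first, last):
    """The pattern the post describes: user text pasted straight into the SQL.

    Two problems: % and _ in the input act as LIKE wildcards, and a quote
    character lets the caller rewrite the rest of the statement.
    """
    sql = (
        "SELECT first, last FROM people "
        f"WHERE first LIKE '{first}%' AND last LIKE '{last}%' "
        "ORDER BY first, last"
    )
    return conn.execute(sql).fetchall()


def escape_like(value, esc="\\"):
    """Neutralise LIKE metacharacters so the value matches literally.

    The escape character itself is doubled first, then % and _ are
    prefixed with it.  (For SQL Server also escape '[' the same way.)
    """
    return (
        value.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def lookup_safe(conn, first, last):
    """Bound parameters plus an ESCAPE clause: a prefix search only."""
    sql = (
        "SELECT first, last FROM people "
        "WHERE first LIKE ? ESCAPE '\\' AND last LIKE ? ESCAPE '\\' "
        "ORDER BY first, last"
    )
    params = (escape_like(first) + "%", escape_like(last) + "%")
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A single % in each box dumps the whole table from the vulnerable query.
    print("vulnerable, '%'/'%':", lookup_vulnerable(db, "%", "%"))
    print("safe,       '%'/'%':", lookup_safe(db, "%", "%"))
    # Ordinary use still works as a prefix search.
    print("safe,      'Ma'/'B':", lookup_safe(db, "Ma", "B"))
```

Blocking the % character at the input layer, as the post considers, would stop this one symptom but not the underlying problem: the query would still be built from user text, and an apostrophe would still let a caller escape the string literal. Binding parameters and escaping the LIKE metacharacters addresses both, and it leaves legitimate names containing those characters searchable.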