I am having a problem with this SQL in MS Access:
This query seems to work fine in most SQL software but not in MS Access. Either I or MS Access suck.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." - Martin Fowler
Sunday, July 8, 2007
Saturday, July 7, 2007
SQL Injection
I have been hearing about "SQL Injection" for the last 2 years, but until now I still haven't completely implemented it on my website.
Last time Francis Pang hacked into my website by logging in as my username to post here. Owcs also mentioned this to me. Furthermore, my colleague has recently kept reminding us to avoid the SQL Injection coding style.
Here is a nice SQL Injection Walkthrough that teaches us how to become web hackers.
Here I found some common solutions for "SQL Injection" -- SQL Injection Attacks: Are You Safe?. But I don't think I can implement the killChars() function here. (I already implemented the stripQuotes() function a long time ago.)
Other than SQL Injection, I also found this -- Calling MS Access Parameterized Queries from ASP. It is something like Hibernate, managing all the queries in one place. I think I will implement this as well.
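An added example (not code from this blog or from the linked articles) comparing a quote-escaping filter with a parameterized query. It assumes stripQuotes() doubles single quotes, uses an in-memory SQLite database as a stand-in for MS Access, and the table, rows and function names are constructed for illustration.

```python
import sqlite3


def strip_quotes(value):
    # Assumed behaviour of the post's stripQuotes(): double every single quote.
    return value.replace("'", "''")


def make_db():
    # Constructed sample data; SQLite stands in for the MS Access backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO posts (owner, body) VALUES (?, ?)",
        [("alice", "draft A"), ("bob", "draft B"), ("carol", "draft C")],
    )
    return db


def owners_concat(db, post_id):
    # String-built query. The filter only touches quotes, so a value that is
    # placed in a numeric context (no surrounding quotes) is still parsed as SQL.
    sql = "SELECT owner FROM posts WHERE id = " + strip_quotes(post_id)
    return [row[0] for row in db.execute(sql)]


def owners_param(db, post_id):
    # Parameterized query. The value is bound as data and never parsed as SQL,
    # whatever characters it contains.
    sql = "SELECT owner FROM posts WHERE id = ?"
    return [row[0] for row in db.execute(sql, (post_id,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(repr(value), "concat:", owners_concat(db, value),
              "param:", owners_param(db, value))
```

The filtered, concatenated query returns every row for the second input because the input contains no quote to escape; the bound parameter is compared as a single value and matches nothing.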
Tuesday, July 3, 2007
Char to Varchar
I have been facing a problem in some SQL coding recently.
The problem is like this:
A database field has a data type of Char[3]. When using Java coding style to execute the SQL, it automatically converts the data to java.lang.Character, and I don't understand why a Char[3] (Example: "abc") can be converted into java.lang.Character (Example: "a"). The last 2 characters had been eaten.
So, my solution is to change the SQL code from [select testAbc from tableAbc] to [select cast(testAbc, varchar(3)) from tableAbc]. With the help of "Cast", it finally managed to convert the data to java.lang.String & output correctly.