Saturday, July 7, 2007

SQL Injection

I have been hearing about "SQL Injection" for the last 2 years, but until now I still haven't completely implemented protection against it on my website.

Last time Francis Pang hacked into my website by logging in under my username to post here. Owcs also mentioned this to me. Furthermore, my colleague recently keeps reminding us to avoid coding styles that allow SQL Injection.

Here is a nice SQL Injection Walkthrough, teaching us how to become web hackers.

Here I found some common solutions for "SQL Injection" -- SQL Injection Attacks: Are You Safe?. But I don't think I can implement the killChars() function here. (I already implemented the stripQuotes() function a long time ago.)

Besides SQL Injection, I also found this -- Calling MS Access Parameterized Queries from ASP. It is something like Hibernate, managing all the queries in one place. I think I will implement this as well.
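To make the difference between the two approaches concrete, here is an added example (my own, not code from the post or from the linked articles). It uses Python with an in-memory SQLite database as a stand-in for the ASP/MS Access setup; the `users` table, the rows in it and the probe inputs are constructed, and `strip_quotes()` is a hypothetical stand-in for the post's stripQuotes() that doubles single quotes. The point it shows: quote-escaping only protects quoted string literals, while a parameterized query keeps user input out of the SQL text entirely, so it cannot change the query's structure in either a string or a numeric context.

```python
import sqlite3


def make_db():
    # Constructed sample data so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_concat(conn, username, password):
    # Vulnerable: user input is spliced straight into the SQL text
    # (the coding style the post says to avoid).
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def strip_quotes(s):
    # Hypothetical stand-in for stripQuotes(): doubles each single quote,
    # which is how a literal apostrophe is written inside a SQL string.
    return s.replace("'", "''")


def login_escaped(conn, username, password):
    # Same concatenation with quotes escaped; adequate only because both
    # values sit inside quoted string literals.
    sql = (
        "SELECT id FROM users WHERE username = '" + strip_quotes(username)
        + "' AND password = '" + strip_quotes(password) + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_param(conn, username, password):
    # Parameterized: the SQL text and the values travel separately, so the
    # values are always treated as data, never as query syntax.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def count_by_id_escaped(conn, user_id):
    # Numeric context: there are no quotes around the value, so escaping
    # quotes changes nothing and the input is interpreted as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE id = " + strip_quotes(user_id)
    return conn.execute(sql).fetchone()[0]


def count_by_id_param(conn, user_id):
    # Parameterized numeric lookup: a non-numeric value simply matches no row.
    sql = "SELECT COUNT(*) FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # constructed malformed input for the string case
    print(login_concat(conn, "alice", probe))    # True: query structure altered
    print(login_escaped(conn, "alice", probe))   # False: quotes neutralised
    print(login_param(conn, "alice", probe))     # False: treated as data
    print(count_by_id_escaped(conn, "1 OR 1=1"))  # 2: escaping does not help here
    print(count_by_id_param(conn, "1 OR 1=1"))    # 0: no row has that id
```

The last two lines are why parameterized queries, not character stripping, are the fix worth implementing: killChars()/stripQuotes()-style filtering has to be correct for every context a value can land in, whereas a parameter is safe regardless of context.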
