Black list to secure site
Posted by:
Guy Eli
Date: February 02, 2009 11:20AM
Hello,
I am using .NET appllication and need to face SQL injections through cookies forms and querystrings.
What I am doing is verify user input is different the forbidden keys so SQL injection will be impossible. I have a black list for SQL server.
Whay I need is an updates mySQL black list as the list below.
public static string[] blackList = {"--",";--",";","/*","*/","@@",
" char"," nchar"," varchar"," nvarchar"," int",
"alter ","begin ","cast","create ","cursor ","declare ","delete ","drop ","end","exec ","execute ",
"fetch ","insert ","kill ","open ",
"select ", " sys","sysobjects","syscolumns", "table ","update "};
Not that I ever recieve any answer in this forums, but I keep trying :)
Thank you .