MySQL Forums

Re: SQL Injection
Posted by: Richard Creer
Date: November 30, 2009 08:39AM

If you look back to the beginning of this topic you will see that I asked how an SQL injection could occur given good programming practice.

By good programming practice I mean doing no more than those things a programmer must do in order to create reliable SQL which is not prone to syntax errors: putting character strings in single quotes, doubling single quotes within strings, validating numbers and dates.

You will also see that I asked to be enlightened with examples of how SQL injection can happen. To date I have received no such enlightenment. I have also read many articles on the subject, none of which have been convincing.

So yes, as far as I can see, stories of SQL injection are alarmist and my clients can rest easy in the knowledge that I have thoroughly investigated this issue.

But I understand your point that with all this heat there should be some fire. Trouble is, all I can see is smoke and mirrors. I'm still waiting for a real-world example.
