SQL Injection detection

  • GMartin

    SQL Injection detection

    Besides parameterizing SQL or using Stored Procedures, is there any
    reliable way to test if a string has an SQL Injection attack. ...For
    example, can one use the same method ADO uses when examining
    parameters to detect SQL Injection?
  • Cowboy (Gregory A. Beamer)

    #2
    Re: SQL Injection detection

    You can run regex, but you have to be careful about the things you are
    looking for. Generally things like:

    ' or userName is not null --

    You can find the patterns, but what if the pattern is legal in a string? You
    then throw out things that are valid. Better to parameterize.

    --
    Gregory A. Beamer
    MVP, MCP: +I, SE, SD, DBA

    *************** *************** *************** ****
    | Think outside the box!
    |
    *************** *************** *************** ****
    "GMartin" <glenn.e.martin@gmail.com> wrote in message
    news:61423ca3-e4e0-4b15-9f5e-ef619cb2e0a2@b1g2000hsg.googlegroups.com...
    Besides parameterizing SQL or using Stored Procedures, is there any
    reliable way to test if a string has an SQL Injection attack. ...For
    example, can one use the same method ADO uses when examining
    parameters to detect SQL Injection?
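
The trade-off described in the reply above, as an added example that is not part of the original thread: a regex blacklist flags legitimate strings, while a parameterized query treats the same inputs as plain data. Python's `sqlite3` stands in for ADO here, and the regex, table, and sample values are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical blacklist of the kind the reply warns about:
# a quote, a comment marker, or the keyword OR.
SUSPICIOUS = re.compile(r"'|--|\bor\b", re.IGNORECASE)

def looks_like_injection(value):
    return bool(SUSPICIOUS.search(value))

# Constructed sample inputs: (value, is it really an attack?)
SAMPLES = [
    ("' or userName is not null --", True),  # pattern quoted in the reply
    ("O'Brien", False),                      # legal surname
    ("Smith -- or Smythe", False),           # legal free text
    ("alice", False),
]

def false_positives():
    """Legitimate values the blacklist would wrongly reject."""
    return [v for v, attack in SAMPLES if not attack and looks_like_injection(v)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("O'Brien", "b-secret")])
    return db

def lookup_concatenated(db, name):
    # Vulnerable form: the input becomes part of the SQL text.
    sql = "SELECT userName FROM users WHERE userName = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Hardened form: the driver binds the value; it is never parsed as SQL.
    return db.execute("SELECT userName FROM users WHERE userName = ?",
                      (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    attack = SAMPLES[0][0]
    print("blacklist false positives:", false_positives())
    print("concatenated + attack    :", lookup_concatenated(db, attack))
    print("parameterized + attack   :", lookup_parameterized(db, attack))
    print("parameterized + O'Brien  :", lookup_parameterized(db, "O'Brien"))
```
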
