Proper way to instantiate a class
Forum: ASP.NET
Category: Class design
Thread ID: 01079105
Message ID: 01079249
Views: 26
With SQL Server (if that is the database in question) someone could inject extra SQL statements where you concatenate your SQL string...

SQL Server can process multiple SQL statements in a batch. For instance, they could enter SELECT * from users or some other statement in the username property you are using and SQL will run another query.

Here's a more detailed article on SQL injection

http://www.4guysfromrolla.com/webtech/061902-1.shtml

You can also google "SQL injection" to find a number of articles on the subject.


Rodman
Rod Paddock
Editor in Chief CoDe Magazine
President Dash Point Software, Inc.
VP Red Matrix Technologies, Inc.
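
Added example, not part of the original post: the concatenated query the message warns about, next to a parameterized `SqlCommand` that keeps the user name out of the SQL text. The table and column names (`users`, `username`, `id`), the class name and the sample input are assumptions made for illustration; it uses `System.Data.SqlClient` and builds the commands without opening a connection, so it only prints what would be sent.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueries
{
    // Vulnerable: the user name becomes part of the SQL text itself,
    // so anything typed into it is parsed by the server as SQL.
    public static SqlCommand Concatenated(string userName)
    {
        return new SqlCommand(
            "SELECT id FROM users WHERE username = '" + userName + "'");
    }

    // Hardened: the SQL text is a constant. The user name travels as a
    // typed parameter value and is compared as data, never parsed as SQL.
    public static SqlCommand Parameterized(string userName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT id FROM users WHERE username = @username");
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    static void Main()
    {
        // Constructed input of the kind the post describes:
        // a second statement typed into the user name field.
        string input = "x'; SELECT * FROM users --";

        SqlCommand bad = Concatenated(input);
        Console.WriteLine("Concatenated command text:");
        Console.WriteLine("  " + bad.CommandText);   // two statements in one batch

        SqlCommand good = Parameterized(input);
        Console.WriteLine("Parameterized command text:");
        Console.WriteLine("  " + good.CommandText);  // unchanged by the input
        Console.WriteLine("  @username = " + good.Parameters["@username"].Value);
    }
}
```

In the first case the printed command text contains the extra `SELECT`; in the second the text is identical for every input and the whole string appears only as the value of `@username`.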