Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
WestWind/database filter help
Message
From
28/06/2011 04:28:16
Tore Bleken (Online)
Vear, Norway
 
 
To
27/06/2011 17:23:12
Al Doman
M3 Enterprises Inc.
North Vancouver, British Columbia, Canada
General information
Forum:
Visual FoxPro
Category:
Coding, syntax & commands
Title:
Re: WestWind/database filter help
Miscellaneous
Thread ID:
01516279
Message ID:
01516472
Views:
66
>>>>Look at SQLEXEC() function.
>>>>
>>>>Also, it's bad practice to embed parameters into your sql query. It opens you up to SQL injection attacks.
>>>
>>>http://xkcd.com/327/
>>
>>I have always loved this XKCD.
>>
>>Technically he's wrong. He should say parameterize but sanitize fits in the space better :)
>>
>>http://select-into.blogspot.com/2011/01/little-bobby-tables.html
>
>Thanks for the link - that's the most concise explanation of strategies for migitation of SQL Injection I've ever seen.

A friend of my son actually managed to get a company registered with a name which was created with sql injection in mind, as a joke. http://mrbadak.com/2009/04/24/sql-injection-fail/
Gone phishing

How to create sample data
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform