Comments on: SQL Injection Attacks by Example

By: Nicole

Nicole — Tue, 11 Jan 2005 16:06:38 +0000

Yeah, lok-lok, it’s definitely best to sanitize any user input before using it in queries. Of course, beginning PHP programmers don’t always think of that.

I just thought it amazing how much someone could learn about a database knowing only basic SQL injection techniques.

By: lok-lok

lok-lok — Mon, 10 Jan 2005 12:59:43 +0000

very nice article. but when programming the interface to a backend. Wouldnt u first grab the user input then format it in someway.

I mean im no expert on the sql stuff but when i did a couple web programs at uni that’s the approach i took. It seemed the most logical.

But then again when uve got ur boss on ur shoulder…

By: Philip Q

Philip Q — Thu, 06 Jan 2005 05:26:23 +0000

There was an even more interesting webcast (infact, there are several) on MSDN a while back about different penetrative techniques.

The presenter gave several demos of utilising the UNION command when returning data to query the system tables and extract specific details about the tables, their columns and stored procedures in the database.