lilyyan
 asked on

how to prevent the MS SQL 2000 database from data injection attack

Hello:

I'm using PHP and MS SQL 2000. A few days ago, the tables got attacked. Some weird strings were inserted into the data in the table.

I searched online, and it seems that using a prepared statement can prevent this attack. I'm not so sure how to use a prepared statement and what its requirements are.

Could some expert here give some suggestions about data injection attacks on MS SQL 2000?

thank you so much!
PHP, Microsoft SQL Server

Last Comment
Plowmister

8/22/2022 - Mon
chapmandew

Use stored procedures for all interaction from your web code to the database...and validate ALL input coming from your web pages.
lilyyan

ASKER
Could you post an example of using stored procedures? I don't know how to do that....

thank you so much !
ASKER CERTIFIED SOLUTION
chapmandew

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
lilyyan

ASKER
Thanks very much for your reply.
Do you think using a prepared statement can prevent this attack?
chapmandew

potentially...
lilyyan

ASKER
Could you explain why the prepared statement can prevent data injection?

Also, you mentioned validating every input. How could validating input prevent data injection?

Last question:
How is data injection invoked?

Thanks so much!
SOLUTION
chapmandew

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
lilyyan

ASKER
Could you explain a little how data injection can happen?
SOLUTION
chapmandew

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
lilyyan

ASKER
Could you explain why the prepared statement can prevent data injection?
chapmandew

What do you mean?
lilyyan

ASKER
Well, I don't know how a prepared statement can prevent data injection.

I thought it is just a placeholder in the statement, and the value of the placeholder will be replaced by the form variable. The form variable is input by a random user, and this user can input bad SQL from the form. So the placeholder in the prepared statement still gets the embedded SQL.

So I don't know how a prepared statement can prevent data injection.
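An added example (not from the thread or any of its answers) for the question above: it runs the same form value through a concatenated UPDATE and through a prepared UPDATE, showing that a bound value is never pasted into the SQL text, so quotes in it cannot change which rows the statement touches. Assumptions: PDO with an in-memory SQLite database stands in for the SQL Server database so the script runs offline, and the `comments` table, function names and input values are constructed for illustration.

```php
<?php
// Added example. Assumption: SQLite in memory stands in for the SQL Server
// database so the script runs offline; table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)");

function resetRows(PDO $db): void {
    $db->exec("DELETE FROM comments");
    $db->exec("INSERT INTO comments (author, body) VALUES
               ('alice', 'first'), ('bob', 'second'), ('O''Brien', 'third')");
}

// String building: the form value becomes part of the SQL text, so a quote
// inside it changes how the server parses the statement.
function updateConcatenated(PDO $db, string $author, string $body): int {
    $sql = "UPDATE comments SET body = '" . $body . "' WHERE author = '" . $author . "'";
    return $db->exec($sql);                 // number of rows changed
}

// Prepared statement: the SQL text is fixed and parsed with ? markers. The
// form values travel separately and are only ever stored or compared as data.
function updatePrepared(PDO $db, string $author, string $body): int {
    $stmt = $db->prepare("UPDATE comments SET body = ? WHERE author = ?");
    $stmt->execute([$body, $author]);
    return $stmt->rowCount();               // number of rows changed
}

$hostile = "nobody' OR 'a'='a";             // constructed form input containing SQL syntax

resetRows($db);
echo "concatenated, hostile input: ", updateConcatenated($db, $hostile, 'edited'), " rows changed\n";

resetRows($db);
echo "prepared, hostile input:     ", updatePrepared($db, $hostile, 'edited'), " rows changed\n";
echo "prepared, O'Brien:           ", updatePrepared($db, "O'Brien", 'edited'), " rows changed\n";

try {
    // A legitimate apostrophe is enough to break the built string.
    updateConcatenated($db, "O'Brien", 'edited');
} catch (PDOException $e) {
    echo "concatenated, O'Brien:       SQL error\n";
}
```

In the concatenated version the hostile value rewrites the WHERE clause so that it matches every row; in the prepared version the whole value is compared against `author` as one literal string and matches none.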
SOLUTION
Plowmister

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.