Solved

Exam Q - SQL

Posted on 2009-07-01
5
186 Views
Last Modified: 2012-05-07
ideas:?

Preventing SQL Injection
Example 1 - Escaping single quotes.


The function above is one method of sanitising user input and preventing SQL Injection attacks. What does this function do?

ideas?

Function Escape (input)
input = replace(input, ''""", ''''''")
escape = input 
end function

Open in new window

0
Comment
Question by:churchhousetrust
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24757936
>input = replace(input, ''""", ''''''")
that code is incorrect (invalid syntax)

anyhow, what the function is supposed to do is to escape the single quote as 2 single quotes, so it will work correctly without making it fail.

note: the REAL solution is not to use escaping , but using parameters
0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24762602
?

answer options...

a) changes to the user input to uppercase characters.
b) doubles up single quotation marks
c) removes spaces between characters.
d) none of the above.

0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24762689
I see.

now, read my comment anyhow, and you will find the correct answer from the 4 options (hint: it is not d)

let me post the correct quote double quote version of the line that is problematic:

input = replace(input, '''', '''''' )

or, depending on the code language you are using:
input = replace(input, "'", "''")


0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24763044
c? - i hate programming
0
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 500 total points
ID: 24763129
>c) removes spaces between characters.
what make you choose that? is there any space in the string?
try to find the specification of the REPLACE() function, and see what you have to pass to it to remove spaces.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question