Exam Q - SQL

Medium Priority
213 Views
Last Modified: 2012-05-07
ideas:?

Preventing SQL Injection
Example 1 - Escaping single quotes.


The function above is one method of sanitising user input and preventing SQL Injection attacks. What does this function do?

ideas?

Function Escape (input)
input = replace(input, ''""", ''''''")
escape = input 
end function


Guy Hengel [angelIII / a3], Billing Engineer
CERTIFIED EXPERT
Most Valuable Expert 2014
Top Expert 2009

Commented:
>input = replace(input, ''""", ''''''")
that code is incorrect (invalid syntax)

anyhow, what the function is supposed to do is to escape the single quote as 2 single quotes, so it will work correctly without making it fail.

note: the REAL solution is not to use escaping, but using parameters

Author

Commented:
?

answer options...

a) changes the user input to uppercase characters.
b) doubles up single quotation marks
c) removes spaces between characters.
d) none of the above.

Guy Hengel [angelIII / a3], Billing Engineer

Commented:
I see.

now, read my comment anyhow, and you will find the correct answer from the 4 options (hint: it is not d)

let me post the correct quote double quote version of the line that is problematic:

input = replace(input, '''', '''''' )

or, depending on the code language you are using:
input = replace(input, "'", "''")
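
Added example, not part of the original thread: a Python/sqlite3 port of the corrected Escape() line, run next to parameter binding, to show what doubling quotes does and why the comments above call parameters the real solution. The table, sample rows and function names are assumptions made for this illustration.

```python
import sqlite3

def escape(value: str) -> str:
    """Python port of the corrected Escape(): double each single quote."""
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien"), (3, "bob")])
    return db

def find_raw(db, name):
    # No escaping: a quote in the input ends the string literal early.
    return db.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()

def find_escaped(db, name):
    # Doubled quotes keep the whole input inside the string literal.
    sql = f"SELECT id FROM users WHERE name = '{escape(name)}'"
    return db.execute(sql).fetchall()

def find_param(db, name):
    # Parameter binding: the input is never part of the SQL text.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def by_id_escaped(db, user_id):
    # Unquoted numeric position: there is no quote to double, so
    # escape() returns the input unchanged and it is parsed as SQL.
    return db.execute(f"SELECT name FROM users WHERE id = {escape(user_id)}").fetchall()

def by_id_param(db, user_id):
    # Bound as a single value, so it can only be compared, never parsed.
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(escape("O'Brien"))
    print(find_escaped(db, "O'Brien"), find_param(db, "O'Brien"))
    print(len(by_id_escaped(db, "1 OR 1=1")), by_id_param(db, "1 OR 1=1"))
```

Escaping protects only values placed inside quoted string literals; binding protects every position where a value is allowed.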


Author

Commented:
c? - i hate programming