Solved

Exam Q - SQL

Posted on 2009-07-01
5
185 Views
Last Modified: 2012-05-07
ideas:?

Preventing SQL Injection
Example 1 - Escaping single quotes.


The function above is one method of sanitising user input and preventing SQL Injection attacks. What does this function do?

ideas?

Function Escape (input)
input = replace(input, ''""", ''''''")
escape = input 
end function

Open in new window

0
Comment
Question by:churchhousetrust
  • 3
  • 2
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24757936
>input = replace(input, ''""", ''''''")
that code is incorrect (invalid syntax)

anyhow, what the function is supposed to do is to escape the single quote as 2 single quotes, so it will work correctly without making it fail.

note: the REAL solution is not to use escaping , but using parameters
0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24762602
?

answer options...

a) changes to the user input to uppercase characters.
b) doubles up single quotation marks
c) removes spaces between characters.
d) none of the above.

0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24762689
I see.

now, read my comment anyhow, and you will find the correct answer from the 4 options (hint: it is not d)

let me post the correct quote double quote version of the line that is problematic:

input = replace(input, '''', '''''' )

or, depending on the code language you are using:
input = replace(input, "'", "''")


0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24763044
c? - i hate programming
0
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 500 total points
ID: 24763129
>c) removes spaces between characters.
what make you choose that? is there any space in the string?
try to find the specification of the REPLACE() function, and see what you have to pass to it to remove spaces.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question