[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Exam Q - SQL

Posted on 2009-07-01
5
Medium Priority
?
191 Views
Last Modified: 2012-05-07
ideas:?

Preventing SQL Injection
Example 1 - Escaping single quotes.


The function above is one method of sanitising user input and preventing SQL Injection attacks. What does this function do?

ideas?

Function Escape (input)
input = replace(input, ''""", ''''''")
escape = input 
end function

Open in new window

0
Comment
Question by:churchhousetrust
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24757936
>input = replace(input, ''""", ''''''")
that code is incorrect (invalid syntax)

anyhow, what the function is supposed to do is to escape the single quote as 2 single quotes, so it will work correctly without making it fail.

note: the REAL solution is not to use escaping , but using parameters
0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24762602
?

answer options...

a) changes to the user input to uppercase characters.
b) doubles up single quotation marks
c) removes spaces between characters.
d) none of the above.

0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24762689
I see.

now, read my comment anyhow, and you will find the correct answer from the 4 options (hint: it is not d)

let me post the correct quote double quote version of the line that is problematic:

input = replace(input, '''', '''''' )

or, depending on the code language you are using:
input = replace(input, "'", "''")


0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24763044
c? - i hate programming
0
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 1500 total points
ID: 24763129
>c) removes spaces between characters.
what make you choose that? is there any space in the string?
try to find the specification of the REPLACE() function, and see what you have to pass to it to remove spaces.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question