?
Solved

Exam Q - SQL

Posted on 2009-07-01
5
Medium Priority
?
189 Views
Last Modified: 2012-05-07
ideas:?

Preventing SQL Injection
Example 1 - Escaping single quotes.


The function above is one method of sanitising user input and preventing SQL Injection attacks. What does this function do?

ideas?

Function Escape (input)
input = replace(input, ''""", ''''''")
escape = input 
end function

Open in new window

0
Comment
Question by:churchhousetrust
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24757936
>input = replace(input, ''""", ''''''")
that code is incorrect (invalid syntax)

anyhow, what the function is supposed to do is to escape the single quote as 2 single quotes, so it will work correctly without making it fail.

note: the REAL solution is not to use escaping , but using parameters
0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24762602
?

answer options...

a) changes to the user input to uppercase characters.
b) doubles up single quotation marks
c) removes spaces between characters.
d) none of the above.

0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 24762689
I see.

now, read my comment anyhow, and you will find the correct answer from the 4 options (hint: it is not d)

let me post the correct quote double quote version of the line that is problematic:

input = replace(input, '''', '''''' )

or, depending on the code language you are using:
input = replace(input, "'", "''")


0
 
LVL 1

Author Comment

by:churchhousetrust
ID: 24763044
c? - i hate programming
0
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 1500 total points
ID: 24763129
>c) removes spaces between characters.
what make you choose that? is there any space in the string?
try to find the specification of the REPLACE() function, and see what you have to pass to it to remove spaces.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question