WebApp Sec mailing list archives
RE: SQL Injection Basics
From: "Forrest Lee Andrews" <lee.andrews () cox net>
Date: Mon, 10 Feb 2003 10:47:47 -0600
The "'" mark is in fact used in SQL Statements when using VB\VBScript:

    Dim sql as string
    sql = "select * from foo where bar = 'baz'"

-----Original Message-----
From: Nick Jacobsen [mailto:nick () ethicsdesign com]
Sent: Monday, February 10, 2003 5:07 AM
To: Loki; raul.johhut () hushmail com
Cc: webappsec () securityfocus com
Subject: Re: SQL Injection Basics

Hmm... just a guess here, but if a developer is using VBScript as the scripting language, would SQL injection be impossible, since in VBScript the " ' " mark is a comment mark, and therefore never used in SQL statements?

Nick J
nick () ethicsdesign com
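
The point made in the reply above, as an added example that is not part of the original messages: inside a double-quoted VBScript string the apostrophe is data, so a concatenated value containing one changes the SQL text, while an ADO parameter keeps the statement fixed. The table and column names foo and bar come from the post; the sample input, the function names and the empty connection string are assumptions made for illustration.

```vbscript
Option Explicit

' Constructed sample input: a legitimate value that contains an apostrophe.
Const SAMPLE_INPUT = "O'Brien"

' ADO constants (VBScript does not load the ADO type library, so declare them).
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Weak form: the value is concatenated into the statement text.
Function BuildConcatenatedSql(barValue)
    BuildConcatenatedSql = "select * from foo where bar = '" & barValue & "'"
End Function

' Corrected form: the statement text is fixed and the value travels as a parameter.
Function BuildParameterizedCommand(conn, barValue)
    Dim cmd
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "select * from foo where bar = ?"
    cmd.Parameters.Append cmd.CreateParameter("bar", adVarChar, adParamInput, 255, barValue)
    Set BuildParameterizedCommand = cmd
End Function

' The apostrophes in the literal are inside a string, so VBScript passes them through.
WScript.Echo BuildConcatenatedSql("baz")
' An apostrophe in the value closes the SQL literal early and unbalances the quotes.
WScript.Echo BuildConcatenatedSql(SAMPLE_INPUT)

' Hypothetical: supply a real ADO connection string to run the parameterized query.
Dim connString : connString = ""
If Len(connString) > 0 Then
    Dim conn, rs
    Set conn = CreateObject("ADODB.Connection")
    conn.Open connString
    Set rs = BuildParameterizedCommand(conn, SAMPLE_INPUT).Execute
    WScript.Echo "rows found: " & (Not rs.EOF)
    rs.Close
    conn.Close
End If
```

Run it with cscript; with the connection string left empty it only prints the two concatenated statements for comparison.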