Re: SQL Injection Basics

["Jim McGarvey" <mcga0031 () umn edu>]

Mark C., thanks for the info and links.  The Filters Project looks very
promising.  I'd like to try it out when it gets released.

David and Mark M., my mistake: as you've said, that code was not vulnerable
to SQL injection as I had first thought, and just needed a minor correction.

Thanks,
-Jim

----- Original Message -----
From: "Mark Curphey" <mark () curphey com>
To: "Jim McGarvey" <mcga0031 () umn edu>
Cc: <webappsec () securityfocus com>
Sent: Tuesday, February 11, 2003 8:29 PM
Subject: Re: SQL Injection Basics


> Jim,
>
> The OWASP web site is in a bad way; mainly because we (well David
> Raphael) have been building out the long term site, a Java based portal
> which will dynamically build the site with the latest code and
> documentation (all driven through DocBook). Its just not worth
> maintaining the html version of the site as this will come on-line very
> shortly. Our apologies for that but this will be better all around in
> the long term.
>
> You can look at the CVS code for Filters via Web CVS at
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/owasp/filters/
>
> The next version of the OWASP Guide is being baked and there are code
> examples in the brew. This is draft and DocBook but Appb.xml and
> Appc.xml maybe of interest.
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/owasp/guide/
>
> The DocBook for Alex's presentation about Filters is also in the Filters
> mailing list archives at
http://sourceforge.net/mailarchive/forum.php?thread_id=1565817&forum_id=1280
9
> Cheers
>
> Mark