WebApp Sec mailing list archives

SQL Injection 2


From: falcifer <falcifer2001 () yahoo es>
Date: 20 Apr 2003 20:45:19 +0000

How can I insert an insert command in a SQL sentence that looks like
select * from parameter?
The database is Access, and when I try to insert something like

pameter=table;insert%20into%20clientes(uspw,pwus)%20values('j','j')

the ODBC returns this error

error '80040e14' 

[Microsoft][Controlador ODBC Microsoft Access] Se encontraron caracteres
después del final de la instrucción SQL. 


/visornew.asp, line 10

It means: "there are characters after the SQL sentence"
-- 
falcifer <falcifer2001 () yahoo es>
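
The statement in the question is built by concatenating a request value into `select * from ...`; the ODBC error shows only that the Access driver refuses a second statement, not that the concatenation is safe. The following is an added example (not code from the original post or the site it describes) of the server-side fix in classic ASP, mapping the request value to an allow-listed table name; the query-string key `parameter`, the table names and the DSN are assumptions.

```vbscript
<%
Option Explicit

' Table names cannot be bound as query parameters, so map the request value
' to a fixed identifier instead of concatenating it into the SQL text.
Function ResolveTable(requested)
    Dim allowed
    Set allowed = Server.CreateObject("Scripting.Dictionary")
    allowed.CompareMode = vbTextCompare      ' case-insensitive keys
    allowed.Add "productos", "[productos]"   ' constructed table names
    allowed.Add "noticias", "[noticias]"

    ResolveTable = ""
    If allowed.Exists(requested) Then
        ResolveTable = allowed.Item(requested)
    End If
End Function

Dim tableName, conn, rs
' "parameter" is an assumed query-string key.
tableName = ResolveTable(Trim(Request.QueryString("parameter")))

If tableName = "" Then
    ' Anything outside the list, including a value such as
    ' "table;insert into ...", is rejected before any SQL text is built.
    Response.Status = "400 Bad Request"
    Response.Write "Unknown table"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "DSN=visorDSN"                     ' hypothetical DSN
' The SQL text now contains only a string chosen from the server-side list.
Set rs = conn.Execute("SELECT * FROM " & tableName)
Do Until rs.EOF
    ' Encode output; & "" avoids an error on Null field values.
    Response.Write Server.HTMLEncode(rs.Fields(0).Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```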

