Bugtraq mailing list archives
Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
From: ct7 () UNICORNSREST ORG (W. Craig Trader)
Date: Wed, 9 Feb 2000 12:17:01 -0500
"Smith, Eric V." wrote:
Not true, at least for the case of MS Sql Server 7. The following statement: insert into customer (name, primary_contact) values ('a', '4') succeeds where primary_contact is of type int (I also tried numeric just to be sure). I write code like this all of the time when I know the column names but not their types. Did you actually try this yourself before posting? What results did you observe?
I don't have a copy of SQL Server lying around, but I can speak to several other RDBMSes (Oracle 7 & 8, MS Access, MySQL, Informix, and other lesser products) as well as the SQL 89 and SQL 92 standards. In standard SQL, you must not use quotes around non-string constants. Numeric constrants must be unquoted, Date/Time constants must use the Date/Time delimiter (# for MS Access, other characters for other products). Have you ever used anything besides Microsoft RDBMSes? Microsoft is not well known for their ability to adhere to industry standards. - Craig -
Current thread:
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory), (continued)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jaanus Kase (Feb 04)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Aaron Ross (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jeremy Whittington (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Barclay Osborn (Feb 04)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) van der Meulen, Robert (Feb 05)
- DBI bind values [was Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)] Kelly.Setzer () INGRAMENTERTAINMENT COM (Feb 07)
- Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Jamie Fifield (Feb 05)
- Re: Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Torsten Landschoff (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) rain forest puppy (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Smith, Eric V. (Feb 09)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) W. Craig Trader (Feb 09)
- FireWall-1 FTP Server Vulnerability John McDonald (Feb 09)
- ASP Security Hole (fwd) bgreenbaum () SECURITYFOCUS COM (Feb 09)
- Re: ASP Security Hole (fwd) Rob Systhine (Feb 10)
- Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability Mikael Olsson (Feb 10)
- NT Service Pack requirements (Bell Atlantic DSL) Bob Kline (Feb 10)
- Re: NT Service Pack requirements (Bell Atlantic DSL) Jonathan M. Bresler (Feb 11)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jaanus Kase (Feb 04)