Secure Coding mailing list archives

RE: Scripting Languages and Secure Coding + code

From: "Robert Shields" <rshields () star net uk>
Date: Fri, 05 Dec 2003 15:19:43 +0000

Hi,

That sounds like a good arguement for parameterized queries.

Regards,
Rob Shields

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: 04 December 2003 19:56
To: SC-L
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] Scripting Languages and Secure Coding + code

Hey, if you're using SQL there, the user may just enter '%'
or any other 
wilcard char, which makes it a lot easier. When testing 
you'll find that this 
works with just too many apps.


This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
_____________________________________________________________________

Current thread:

Re: Scripting Languages and Secure Coding + code Louis Solomon [SteelBytes] (Dec 05)
- <Possible follow-ups>
- RE: Scripting Languages and Secure Coding + code Robert Shields (Dec 05)
- Re: Scripting Languages and Secure Coding + code Andrew Rucker Jones (Dec 06)
- Re: Scripting Languages and Secure Coding + code M.K.Pai (Dec 08)