Bugtraq mailing list archives
Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)
From: EricSmith () WINDSOR COM (Smith, Eric V.)
Date: Wed, 9 Feb 2000 06:35:46 -0500
Not true, at least for the case of MS Sql Server 7. The following statement: insert into customer (name, primary_contact) values ('a', '4') succeeds where primary_contact is of type int (I also tried numeric just to be sure). I write code like this all of the time when I know the column names but not their types. Did you actually try this yourself before posting? What results did you observe? Eric.
-----Original Message----- From: Jeremy Whittington [mailto:jwhitt () INSIDERMARKETING COM] Sent: Tuesday, February 08, 2000 10:52 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Hello, I would like to make a comment on your statment about SQL Syntax and how you deal with numeric values.If you're stating that you cannot enclose your numericvalues in singlequotes in SQL query strings, it seems to be incorrect. I'malso using SQL asmy backend, and I've ALWAYS enclosed numbers in singlequotes, and it hasalways worked.When inserting data into a Numeric datatype you do not use single quotes around the values. If Field2 was a Numeric datatype in this example it would Fail on MS SQL Server 6.5, 7.0 , MS Access 97/2k, Oracle 6i+, and Dbase. INSERT INTO Table (Field1, Field2) Vaules('String','1')
Current thread:
- RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) rain forest puppy (Feb 03)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jaanus Kase (Feb 04)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Aaron Ross (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jeremy Whittington (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Barclay Osborn (Feb 04)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) van der Meulen, Robert (Feb 05)
- DBI bind values [was Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)] Kelly.Setzer () INGRAMENTERTAINMENT COM (Feb 07)
- Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Jamie Fifield (Feb 05)
- Re: Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Torsten Landschoff (Feb 08)
- <Possible follow-ups>
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) rain forest puppy (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Smith, Eric V. (Feb 09)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) W. Craig Trader (Feb 09)
- FireWall-1 FTP Server Vulnerability John McDonald (Feb 09)
- ASP Security Hole (fwd) bgreenbaum () SECURITYFOCUS COM (Feb 09)
- Re: ASP Security Hole (fwd) Rob Systhine (Feb 10)
- Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability Mikael Olsson (Feb 10)
- NT Service Pack requirements (Bell Atlantic DSL) Bob Kline (Feb 10)
- Re: NT Service Pack requirements (Bell Atlantic DSL) Jonathan M. Bresler (Feb 11)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jaanus Kase (Feb 04)