Re: SQL Injection



VT Venkatesh wrote:
Can someone throw light on how to prevent SQL injection with Delphi 2005/2006

Unless you're building your queries on the fly and populating the parameters by embedding strings directly, I believe the framework (dbExpress, etc.) will actually prevent SQL injection.


As I understand it, SQL injection occurs when someone types in characters via a front-end that change a SQL statement so that it executes something unintended (like an update statement).

If someone knows of any loopholes in the Delphi DB libraries I'd be interested to know, but I'm not aware of any...

Cheers,
Kevin.
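Kevin's distinction above, between embedding the user's string in the statement text and passing it as a parameter, shown as an added example (not code from this thread or from Borland/dbExpress). Python's standard sqlite3 module stands in for Delphi here because the mechanism is identical: the driver binds a named parameter (`:name`, the same placeholder syntax dbExpress uses) so the statement text never changes, whatever the user types. The table, the user names and the two inputs are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    # Statement built on the fly: the user's characters become part of the SQL text,
    # so a quote in the input ends the literal early and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterised statement: the text is fixed, the value is bound by the driver.
    # (Delphi/dbExpress equivalent: SQL.Text with ':name' and
    # Params.ParamByName('name').AsString := name.)
    sql = "SELECT name, role FROM users WHERE name = :name ORDER BY id"
    return conn.execute(sql, {"name": name}).fetchall()


def run_unsafe_or_error(conn, name):
    # Concatenation also breaks on perfectly legitimate input containing a quote.
    try:
        return lookup_unsafe(conn, name)
    except sqlite3.OperationalError:
        return "error"


def demo():
    conn = make_db()
    normal = "alice"
    # Textbook input whose quote and always-true condition rewrite the statement.
    hostile = "x' OR '1'='1"
    # A legitimate name that happens to contain an apostrophe.
    legit_quote = "O'Brien"
    return {
        "unsafe_normal": lookup_unsafe(conn, normal),
        "unsafe_hostile": lookup_unsafe(conn, hostile),
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),
        "unsafe_legit_quote": run_unsafe_or_error(conn, legit_quote),
        "safe_legit_quote": lookup_safe(conn, legit_quote),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unsafe lookup returns every row for the hostile input (the WHERE clause has become `name = 'x' OR '1'='1'`) and raises a syntax error for the ordinary name O'Brien; the parameterised lookup returns no rows for either, because both are simply compared as literal strings against the `name` column. The same holds for a dbExpress `TSQLQuery` as long as the value goes through `Params` rather than into `SQL.Text`.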