msbachman wrote: SQL injection works because quotes are used to block off strings. People can then add a quote or two to couple the standard input with something that always evaluates to be true via an 'OR'.
If that's not the sort of answer you're looking for then clarify what you mean by "why SQL injection works."
HyperShadow243 wrote: I don't know what the syntax would be for SQL but thinking in C++ one way would be to only allow alphanumerical symbols. So if a quotation mark or exclamation point or -- was submitted, it would complain and not allow the user entry. At least that's what I thought of. I'm sure there are way better ways of stopping SQL injections than this though :/
HyperShadow243 wrote: On a side note though, why wouldn't the method you stated be effective?
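Added example, not part of any post in this thread: the quote-delimited query described above, the alphanumeric-only filter, and a parameterized query, side by side. Python with an in-memory SQLite database is an assumption made here; the `users` table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("O'Brien", "hunter2")])
    return db

def login_concat(db, name, password):
    # Vulnerable: input is pasted between the quotes that delimit the SQL
    # string, so a quote in the input ends the string early and whatever
    # follows is parsed as SQL instead of data.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_allowlist(db, name, password):
    # The alphanumeric-only filter from the thread, placed in front of the
    # same concatenated query. It stops the quote, and also every legitimate
    # value that contains one.
    for value in (name, password):
        if not re.fullmatch(r"[A-Za-z0-9]+", value):
            raise ValueError("rejected: non-alphanumeric input")
    return login_concat(db, name, password)

def login_param(db, name, password):
    # Hardened: the ? placeholders pass values to the database separately
    # from the SQL text, so a quote is only ever a character in the value.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

if __name__ == "__main__":
    db = make_db()
    always_true = "' OR '1'='1"   # the quote-plus-OR input described above
    print("concatenated :", login_concat(db, "x", always_true))
    print("parameterized:", login_param(db, "x", always_true))
    print("O'Brien, parameterized:", login_param(db, "O'Brien", "hunter2"))
    try:
        login_allowlist(db, "O'Brien", "hunter2")
    except ValueError as err:
        print("O'Brien, allow-list:", err)
```

The filter and the placeholder both stop the always-true input, but only the placeholder still lets a user named O'Brien log in, and it does not depend on a list of forbidden characters being complete.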