September 30th, 2003, 01:41 PM
preventing an SQL login hack
As most of you may or may not know, when you have a username and login screen, i.e.:
where name = 'name'
and pw = 'pw'
there is a way to make this statement always return true, allowing you to bypass/hack in.
Does MS SQL have any built-in function to prevent this, or does anyone have any suggestions?
February 27th, 2004, 06:59 AM
There are some possibilities to make such statements always true. Each one has prevent functions.
Which one of them do you mean?
Originally Posted by Demigorgon
February 27th, 2004, 11:32 AM
Use the Replace function in your application
e.g. in VBasic: Replace(Username, "'", " ")
single quotes = rem --> they are very dangerous
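
Added example, not part of any post in this thread: the login check from the first post built three ways (plain concatenation, concatenation after the Replace call suggested above, and bound parameters), so the behaviour of each can be compared on the same inputs. It assumes Python's sqlite3 as a stand-in for MS SQL; the table, the rows, the function names and the quoted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the MS SQL users table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    # A legitimate account whose name and password contain a single quote.
    conn.execute("INSERT INTO users VALUES ('o''brien', 'pa''ss')")
    return conn

def login_concat(conn, name, pw):
    """WHERE clause built by string concatenation, the shape in the first post."""
    sql = "SELECT 1 FROM users WHERE name = '" + name + "' AND pw = '" + pw + "'"
    return conn.execute(sql).fetchone() is not None

def login_replace(conn, name, pw):
    """Concatenation after Replace(x, "'", " "), as in the last post."""
    return login_concat(conn, name.replace("'", " "), pw.replace("'", " "))

def login_param(conn, name, pw):
    """Bound parameters: values travel separately from the SQL text."""
    sql = "SELECT 1 FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchone() is not None

# Constructed input whose quotes rewrite the WHERE clause when concatenated.
QUOTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the quoted input is parsed as SQL and every row matches.
    print("concat  valid:", login_concat(db, "alice", "s3cret"),
          "| quoted input:", login_concat(db, "x", QUOTED))
    # Replace: the quoted input is rejected, but so is the real o'brien account,
    # because the stored values still contain the quote.
    print("replace quoted input:", login_replace(db, "x", QUOTED),
          "| o'brien:", login_replace(db, "o'brien", "pa'ss"))
    # Parameters: the quoted input is compared as plain data and o'brien logs in.
    print("param   quoted input:", login_param(db, "x", QUOTED),
          "| o'brien:", login_param(db, "o'brien", "pa'ss"))
```

With MS SQL the same separation is available through parameterized commands in the client library or through stored procedure parameters, so the quote never needs to be stripped from user input.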