Oracle Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsDatabasesOracle Development
Reload this Page

How to prevent SQL INJECTION?

Discuss How to prevent SQL INJECTION? in the Oracle Development forum on Dev Shed.
How to prevent SQL INJECTION? Oracle Development forum discussing administration, Oracle queries, and other Oracle-related topics. Oracle is known as one of the most robust multi-platform relational databases available.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old November 7th, 2004, 06:17 PM
ProggerPete ProggerPete is offline
Contributing User
Dev Shed Beginner (1000 - 1499 posts)
  
Join Date: May 2003
Location: Brisbane, Australia
Posts: 1,438 ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 1 Week 1 Day 1 h 16 m 25 sec
Reputation Power: 23
How to prevent SQL INJECTION?
Hi all, I've got a web based application that has a page that builds up a query depending on user selections. What I'm worried about is if evil doers decide to edit the html source to try and sql inject evil commands into the resulting sql query.

Is there a query end tag in oracle like the one in sql server? I'm quite happy for their code to cause a sql parse error, but I don't want them ending the query and then sending arbitrary commands to my database.

My thinking at the moment is that if I know what to search for I can check the resulting query for escape chars or anything else that looks like it might be evil before I use it.
__________________
Like the answers I give? Why not ask me directly at my forum. I'm always glad to help.

Javascript scripts and tips can be found at Dynamic Tools.
Check out DynamicTable, the best javascript table sorter around.
Get reliable and affordable hosting at www.thinksmarthosting.com
Reply With Quote
  #2  
Old November 8th, 2004, 03:11 AM
pabloj's Avatar
pabloj pabloj is offline
Modding: Oracle MsSQL Firebird
Dev Shed God 6th Plane (7500 - 7999 posts)
  
Join Date: Jun 2001
Location: Outside US
Posts: 7,925 pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level)pabloj User rank is Captain (20000 - 30000 Reputation Level) 
Time spent in forums: 2 Months 3 Weeks 3 Days 20 h 9 m 23 sec
Reputation Power: 279
Reply With Quote
  #3  
Old November 8th, 2004, 05:10 PM
ProggerPete ProggerPete is offline
Contributing User
Dev Shed Beginner (1000 - 1499 posts)
  
Join Date: May 2003
Location: Brisbane, Australia
Posts: 1,438 ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level)ProggerPete User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 1 Week 1 Day 1 h 16 m 25 sec
Reputation Power: 23
That makes interesting reading but doesn't actually address my specific question.

I want to know if there is a query terminating character in oracle. If they can't terminate the query they are very unlikely to produce a valid sql statement.
Reply With Quote
Reply

Viewing: Dev Shed ForumsDatabasesOracle Development > How to prevent SQL INJECTION?

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway
Stay green...Green IT