https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/ Wed, 29 Dec 2021 16:33:46 +0000 hourly 1 https://wordpress.org/?v=6.9.4 https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2548 Wed, 29 Dec 2021 16:33:46 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2548 Found a typo in your “typo” reply. Mising should be missing.

]]> https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2547 Tue, 02 Apr 2019 12:01:15 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2547 […] SQL Injection – the golden rule […]

]]> https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2546 Sat, 21 Feb 2015 04:37:52 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2546 Ah yes. Thanks Rich. 🙂

]]> https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2545 Fri, 20 Feb 2015 17:54:05 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2545 Found a couple of typos in your code that prevent it from executing:
"where object_id = object_id(@tablename) and name = @fitercol; "
should be @filtercol (mising the "l")
and I believe you’ll need an "N" in the sp_executesql statement for the parameter @val, as sp_executesql requires Unicode parameters.

]]> https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2544 Fri, 20 Feb 2015 02:45:54 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2544 Succinct Quote to explain SQL Injection.
Thank you.

]]> https://lobsterpot.com.au/blog/2015/02/10/sql-injection-the-golden-rule/#comment-2543 Fri, 13 Feb 2015 19:35:02 +0000 http://blogs.lobsterpot.com.au/?p=3423#comment-2543 Excellent post, thanks for this!  I’ll be sharing this page liberally 🙂

]]>