 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / General / Security / August 2007forward slash in SQL Server
Hello, I am auditing an application using SQL Server as a back end. If I replace forward slash "/" in a textual field whose value is connected to a query with a where clause. It displays all the records from the database. I want to know if forward slash "/" can affect the results of SQL query and in turn security of the database. Thank you Anoop > I am auditing an application using SQL Server as a back end. > If I replace forward slash "/" in a textual field whose value is > connected to a query with a where clause. It displays all the records > from the database. I want to know if forward slash "/" can affect the > results of SQL query and in turn security of the database. The only meaning of / in SQL Server that I can think of is division. Well /* */ are used to enclose a comment. The more interesting character is ' which can be used inject SQL commands in a poorly written application. I'm not really sure that I understand what happens to you. You say that you replace /, but not what you replace it with. Maybe you are running into some special feature in this specific application.  SignatureErland Sommarskog, SQL Server MVP, esquel@sommarskog.se Books Online for SQL Server 2005 at http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx Books Online for SQL Server 2000 at http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.