Access and SQL Injection (Full Version)

All Forums >> [Web Development] >> ASP and Database



Message

jeepless -> Access and SQL Injection (12/29/2006 9:35:33)

Are Access databases susceptible to SQL injection techniques like they are for SQL or MySQL databases? I've been reading up on common injection techniques, but most seem to apply only to pure SQL databases. I use quite a few Access databases on my sites and have always wondered if they're susceptible, too. If they are, which techniques would be applicable for Access? Does using the FrontPage DRW make any difference or would it only apply to pure ASP solutions?



rdouglass -> RE: Access and SQL Injection (12/29/2006 9:42:46)

Not as much but still suceptible somewhat. I make it a common practice to build a function into all my projects that just 'processes' form fields. It can be as simple as: 

<%
Function StripQuote(TextIn)
	TextIn = Replace(TextIn,"'","''")
	StripQuote = TextIn
End Function


myVariable = StripQuote(Request.form("myTextField"))
%>


but it is a good habit to have.



BeTheBall -> RE: Access and SQL Injection (12/29/2006 12:02:48)

Adding to what Roger said, I believe the DRW has a similar function built-in and is quite safe.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.0625