Damon Cortesi's blog

Musings of an entrepreneur.

SQL Injection

It never seems to amaze me how many sites are still vulnerable to SQL Injection. I just stumbled upon a site specifically for SQL Server scripts and it was SQL injectable!

Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14’

[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ”.

To all web developers out there - validate all user input always!!! Especially if your backend is Microsoft SQL - it’s just too easy to gain utter and complete control over a system where the web frontend is vulnerable to SQL Injection.

ponders whether he validates all user input…
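The "Unclosed quotation mark" error above is what a database returns when a quote in user input ends a string literal inside concatenated SQL. The following is an added example, not code from the original post or from the site it mentions: it uses an in-memory SQLite database as a stand-in for SQL Server (the error text differs), and the `scripts` table, sample rows and function names are constructed for illustration. It shows the concatenated query breaking on an ordinary name containing an apostrophe, next to the parameterized form that treats the same input as data.

```python
import sqlite3


def make_db():
    # Constructed sample data; in-memory SQLite stands in for SQL Server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scripts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO scripts (author, title) VALUES (?, ?)",
        [("O'Brien", "Index rebuild"), ("Smith", "Backup job")],
    )
    return db


def search_concatenated(db, author):
    """Vulnerable pattern: the input becomes part of the SQL text itself.

    Returns (rows, error); error is None when the statement parsed.
    """
    sql = "SELECT title FROM scripts WHERE author = '" + author + "'"
    try:
        return [row[0] for row in db.execute(sql)], None
    except sqlite3.OperationalError as exc:
        # The quote in the input closed the string literal early, so the
        # database rejected the statement. An error like this reaching the
        # browser is the sign that input is being spliced into SQL.
        return [], str(exc)


def search_parameterized(db, author):
    """Hardened pattern: fixed SQL text, value bound separately.

    Quotes in the input stay data and cannot change the statement.
    """
    cur = db.execute("SELECT title FROM scripts WHERE author = ?", (author,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = make_db()
    for name in ("Smith", "O'Brien"):
        rows, err = search_concatenated(db, name)
        print(name, "| concatenated:", rows, err,
              "| parameterized:", search_parameterized(db, name))
```

Bound parameters fix the query construction itself; input validation is still worth doing on top, but it should not be the only thing standing between a quote character and the SQL parser.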