Friday, August 3, 2007 10:16 AM tonyrogerson

Great SQL Injection Video on YouTube

You'll like this; it's always worth getting your dev team to watch just how stupid you can look if your code allows SQL injection.

Always parameterise, or preferably use stored procedures. If you are using dynamic SQL, always try to parameterise it, and if you can't, always make sure you handle apostrophes properly.

Take a look: http://uk.youtube.com/watch?v=MJNJjh4jORY
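To make the advice above concrete, here is an added example (not from the original post or the video) that runs the same lookup three ways: concatenated, parameterised, and with apostrophes doubled. It assumes Python's built-in sqlite3 as a stand-in database; the table, rows, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with two constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, surname TEXT)")
    db.executemany("INSERT INTO customers (surname) VALUES (?)",
                   [("O'Brien",), ("Smith",)])
    return db

def find_concatenated(db, surname):
    """Vulnerable: the value is pasted into the SQL text, so an apostrophe
    in it ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT surname FROM customers WHERE surname = '" + surname + "'"
    return [r[0] for r in db.execute(sql)]

def find_parameterised(db, surname):
    """Preferred: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT surname FROM customers WHERE surname = ?"
    return [r[0] for r in db.execute(sql, (surname,))]

def quote_literal(value):
    """Fallback when a value cannot be bound: double every apostrophe and
    wrap the result in apostrophes, giving one complete string literal."""
    return "'" + value.replace("'", "''") + "'"

def find_escaped(db, surname):
    """Dynamic SQL with the apostrophes handled by quote_literal()."""
    sql = "SELECT surname FROM customers WHERE surname = " + quote_literal(surname)
    return [r[0] for r in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"                 # constructed input with apostrophes
    print(find_concatenated(db, hostile))    # WHERE clause rewritten: all rows
    print(find_parameterised(db, hostile))   # treated as data: no match
    print(find_escaped(db, hostile))         # treated as data: no match
    try:
        find_concatenated(db, "O'Brien")     # a legitimate name breaks the query
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(find_parameterised(db, "O'Brien"), find_escaped(db, "O'Brien"))
```

Doubling apostrophes matches SQLite's string-literal syntax; other engines can treat further characters as escapes, which is one reason binding parameters is the first choice.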

 
