Friday, August 3, 2007 10:16 AM tonyrogerson

Great SQL Injection Video on YouTube

You'll like this. It's always worth getting your dev team to watch just how stupid you can look if you write code that allows SQL injection.

Always parameterise, or preferably use stored procedures. If you are using dynamic SQL, always try to parameterise it, and if you can't, always make sure you handle apostrophes properly.
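The advice above as an added T-SQL example for SQL Server (not part of the original post): a stored procedure, concatenated dynamic SQL that breaks on an apostrophe, the same query parameterised through `sp_executesql`, and the apostrophe-doubling fallback. The table, procedure and parameter names and the sample rows are constructed for illustration.

```sql
-- Constructed sample data; all object names here are hypothetical.
CREATE TABLE #Customer (CustomerId int IDENTITY PRIMARY KEY, Surname nvarchar(50) NOT NULL);
INSERT INTO #Customer (Surname) VALUES (N'Smith');
INSERT INTO #Customer (Surname) VALUES (N'O''Brien');
-- GO is the batch separator understood by SSMS and sqlcmd.
GO

-- Stored procedure: the value only ever reaches the query as a typed parameter.
CREATE PROCEDURE #GetCustomerBySurname @surname nvarchar(50)
AS
    SELECT CustomerId, Surname FROM #Customer WHERE Surname = @surname;
GO
EXEC #GetCustomerBySurname @surname = N'O''Brien';

DECLARE @surname nvarchar(50), @sql nvarchar(max);
SET @surname = N'O''Brien';  -- stands in for a value supplied by the application

-- 1. Pattern to avoid: the input is concatenated into the statement text.
--    The apostrophe in O'Brien closes the string literal early, so the rest of
--    the input is parsed as SQL instead of data. With this value the result is
--    a syntax error, which shows that the input controls the statement.
SET @sql = N'SELECT CustomerId, Surname FROM #Customer WHERE Surname = N'''
         + @surname + N'''';
BEGIN TRY
    EXEC (@sql);
END TRY
BEGIN CATCH
    PRINT 'Concatenated statement failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2. Parameterised dynamic SQL: the statement text is constant and the value
--    is bound separately, so apostrophes in it are never parsed as SQL.
SET @sql = N'SELECT CustomerId, Surname FROM #Customer WHERE Surname = @p_surname';
EXEC sp_executesql @sql, N'@p_surname nvarchar(50)', @p_surname = @surname;

-- 3. Fallback when the value cannot be passed as a parameter: double every
--    apostrophe so the whole value stays inside the string literal.
SET @sql = N'SELECT CustomerId, Surname FROM #Customer WHERE Surname = N'''
         + REPLACE(@surname, N'''', N'''''') + N'''';
EXEC (@sql);

DROP PROCEDURE #GetCustomerBySurname;
DROP TABLE #Customer;
```

The procedure call and cases 2 and 3 each return the O'Brien row; case 1 is caught and reported by the CATCH block.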

Take a look:

