Ayende @ Rahien

It's a girl

How to test for SQL Injections

Not only does this snippet effective in finding simple SQL Injection attacks:


 The side effects are highly reduced ratio of second offences, and a sudden improvement in backup practices.

Now if I could fix the weeping issue...


Matthew Martin
08/21/2007 11:27 PM by
Matthew Martin

A better test would drop master or msdb, that way the test could be re-used for other projects. WAITFOR DELAY '00:00:30' works too.

08/22/2007 01:05 PM by

Hehe. Fair enough.

Chris May
08/31/2007 02:18 PM by
Chris May

This would be a good place for one of us SP lovers to make a comment, but I will hold back :)

Comments have been closed on this topic.