SQL Injection
If you have any problem with SQL Injection we can help you
DETECTING SQL INJECTIONS
The second step is to identify all input fields that accept values which can be used in crafting SQL queries.
The third step is to test the application for SQL injections using the following procedures:
- Enter a semicolon (;) or single quote (') into the input field.
- If the input field is not being filtered correctly, it will generate an error message which tells you that it is vulnerable to SQL injection.
- Comments (--) and other SQL keywords like OR and AND can also be used to test the input field.
AVOIDING SQL INJECTIONS
- Validate user input by checking each variable's length, type, format and range.
- When possible, reject input values that contain a semicolon, single quote, comment delimiter (--), comment delimiter (/*…*/) or xp_.
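
The two checks in the list above, combined into one validator, as an added example that is not part of the original page. The names FieldSpec, validate, SPECS and check, and the field rules themselves, are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Reject list from the text: semicolon, single quote, --, /* */, xp_
REJECT = re.compile(r";|'|--|/\*|\*/|xp_", re.IGNORECASE)

@dataclass(frozen=True)
class FieldSpec:                     # hypothetical per-field rule set
    max_len: int                     # length
    kind: type = str                 # type expected after conversion
    pattern: Optional[str] = None    # format, matched against the whole value
    lo: Optional[int] = None         # range (integer fields only)
    hi: Optional[int] = None

def validate(raw, spec):
    """Return the converted value, or raise ValueError naming the failed check."""
    if not isinstance(raw, str):
        raise ValueError("type")
    if not 0 < len(raw) <= spec.max_len:
        raise ValueError("length")
    if REJECT.search(raw):
        raise ValueError("rejected token")
    if spec.pattern and not re.fullmatch(spec.pattern, raw):
        raise ValueError("format")
    if spec.kind is not int:
        return raw
    try:
        value = int(raw)
    except ValueError:
        raise ValueError("type") from None
    if (spec.lo is not None and value < spec.lo) or \
       (spec.hi is not None and value > spec.hi):
        raise ValueError("range")
    return value

# Constructed field rules for illustration
SPECS = {
    "username": FieldSpec(32, str, r"[A-Za-z0-9_.-]+"),
    "age": FieldSpec(3, int, r"[0-9]+", 0, 130),
}

def check(field, raw):
    """Return 'ok' or the name of the first check that failed."""
    try:
        validate(raw, SPECS[field])
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Rejecting the single quote also rejects legitimate values such as O'Brien, which is why the list qualifies that rule with "when possible".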