Please start any new threads on our new site at We've got lots of great SQL Server experts to answer whatever question you can come up with.

Our new SQL Server Forums are live! Come on over! We've restricted the ability to create new threads on these forums.

SQL Server Forums
Profile | Active Topics | Members | Search | Forum FAQ
Save Password
Forgot your Password?

 All Forums
 General SQL Server Forums
 Data Corruption Issues
 Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Starting Member

3 Posts

Posted - 03/11/2010 :  16:09:18  Show Profile  Reply with Quote

I take the estate of someone who has set up a server with SQL on Apache.

I am responsible for restoring order in his work.
I was surprised to find all sizes emails completely free:
so someone can write:
toto.titi @

as he can write without constraint:


I found lots of false addresses in the database.

My question:
is there a risk of injecting code, malicious of course, with a format email if misconfigured?

I will appreciate an answer from you

thank you and goodbye

Almighty SQL Goddess

38200 Posts

Posted - 03/11/2010 :  22:46:40  Show Profile  Visit tkizer's Homepage  Reply with Quote
There isn't a risk associated with the format of the email. The risk would be in the programming of the application. You'll need to ensure that it's using parameterized queries.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server

Subscribe to my blog

"Let's begin with the premise that everything you've done up until this point is wrong."
Go to Top of Page

Starting Member

3 Posts

Posted - 03/12/2010 :  11:36:25  Show Profile  Reply with Quote
Hello and thank you for your reply.

Can I take my other question, please?
Please correct me if I read your poorly thought:

Standardization of the email is not the main priority. But do we agree on principle that email address can contain a code to operate on the database?

It would be the priority?
I confess not to be very strong in SQL that is not my part of the more advanced skills in computer. What worries me is found to have emails with extensions longer than 20 characters ....
Concerning security can be better, right?
Go to Top of Page

Starting Member

3 Posts

Posted - 03/12/2010 :  11:44:35  Show Profile  Reply with Quote
sorry, the message is gone before I could make a salutation:
Thank you again for your response and the time you have spent. Remaining at your service,
I wish you a great weekend.
Go to Top of Page
  Previous Topic Topic Next Topic  
 Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.02 seconds. Powered By: Snitz Forums 2000