
 sql injection


neil_akoga
Yak Posting Veteran

56 Posts

Posted - 2008-10-18 : 13:44:19
hi, i've inherited a really badly coded site that is suffering from sql injection attacks, they keep appending a link to the start of the value in various columns. is there any software that will batch replace any value in any text data type column? at the moment i'm writing a repair update statement but some of the tables are huge and it would take me a week to type out all the column names. any help is appreciated and yes i have started securing the site but as it's a complicated site it's taking a lot of time to patch all the vulnerabilities. help is appreciated :)

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2008-10-18 : 21:25:07
You can easily generate the code using the INFORMATION_SCHEMA.COLUMNS system view. Could you show us an example of what the code should replace in the column?

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/
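
An added example, not code from the thread or its posters, of the INFORMATION_SCHEMA.COLUMNS approach described above: it generates one repair UPDATE per character column instead of typing column names by hand. The thread never shows the injected link, so `@injected` holds a placeholder, and the example assumes the injected text is one fixed string.

```sql
-- Added example for SQL Server 2005. Returns the repair statements as text only.
DECLARE @injected nvarchar(4000);
SET @injected = N'<injected-link-placeholder>';  -- placeholder: real value is not in the thread

SELECT CAST('UPDATE ' AS nvarchar(max)) + s.tbl
     + ' SET ' + s.col + ' = REPLACE(' + s.expr + ', ' + s.lit + ', '''')'
     + ' WHERE CHARINDEX(' + s.lit + ', ' + s.expr + ') > 0;' AS repair_statement
FROM (
    SELECT QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME) AS tbl,
           QUOTENAME(c.COLUMN_NAME) AS col,
           -- REPLACE and CHARINDEX reject text/ntext, so cast those to the (max) types
           CASE c.DATA_TYPE
               WHEN 'text'  THEN 'CAST(' + QUOTENAME(c.COLUMN_NAME) + ' AS varchar(max))'
               WHEN 'ntext' THEN 'CAST(' + QUOTENAME(c.COLUMN_NAME) + ' AS nvarchar(max))'
               ELSE QUOTENAME(c.COLUMN_NAME)
           END AS expr,
           -- Emit the search string as a quoted literal with embedded quotes doubled;
           -- the N prefix is used only for Unicode columns
           CASE WHEN c.DATA_TYPE LIKE 'n%' THEN 'N' ELSE '' END
               + '''' + REPLACE(@injected, '''', '''''') + '''' AS lit
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA
     AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'   -- skip views
      AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext')
      -- computed columns cannot be updated directly
      AND COLUMNPROPERTY(
              OBJECT_ID(QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME)),
              c.COLUMN_NAME, 'IsComputed') = 0
) AS s
ORDER BY s.tbl, s.col;
```

Nothing is modified until the generated statements are reviewed and run; the WHERE clause on each one limits the update to rows that actually contain the string.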


neil_akoga
Yak Posting Veteran

56 Posts

Posted - 2008-10-20 : 05:03:22
thanks tkizer, i've written the statement now.