October 20, 2010 at 9:47 am
Hi All,
I have a text column comming from 3rd party DB,so before inserting that data into my DB ,i have to check wether there are any SQL scripts/Queries in that particular column to avoid Sql Injection.
can you please help me in writing that query
Thanks in Advance
October 20, 2010 at 9:55 am
How are you inserting into the text column? Are you bulk importing, or doing something else?
Inserting text can't result in SQL injection unless you're using dynamic SQL to do the inserting.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
October 20, 2010 at 10:02 am
i am inserting the data through SSIS but my crazy lead whats me do to the data scrubbing which has to check wehter that particualr text column has either HTML or SQl Scripts in it
this is the sample record in my column
seems resistent/inbound call/home schools son/>household responsibility needs diet plan and shopping list/asthma seasonal will ask for inhaler for rescue/discuss sx/seems aware of HF plan and management/not comfortable with Dr. language deficit & relationship < X40240rnstl
so when i am inserting this kind of data to Db as i am getting the data from the 3rd party they want me to check those conditions
October 21, 2010 at 1:08 pm
I'd search around (Google/Bing/whatever) and see if you can find a regex that can do that for you. There probably are some. That'll be your best answer to it.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply