[Owasp-appsensor-project] SQL injection attack
Dennis Groves, MSc
dennis.groves at owasp.org
Sat Feb 11 10:46:22 UTC 2012
On 11 Feb 2012, at 10:16, Emmanouil Prekas wrote:
I have not programmed in 20 years - but perhaps I can still be of help.
> Hello all
> I have this input :
> station=101 OR 1=1
That is not a valid SQL statement, so this could be part of the problem.
A valid SQL statement always ends in a semi-colon, ";".
Assuming you made a typo in this email, then 'station=101 OR 1=1;'
is indeed an attempt at SQL injection for a given input; however, there
are two additional things that are going on:
a) this field must actually be part of a SQL query
b) input validation must not be done on that field
All three conditions must be true or you will get a 'false' result.
> When I am checking if it is sql injection command with the command
As for the incredible software written by the contributors of OWASP, I
honestly cannot say, as my involvement in the project is that of an
architect interested in the patterns and principles.
[Dennis Groves](http://www.owasp.org/index.php/User:Dennis_Groves), MSc
dennis.groves at owasp.org
*This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy
of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900,
Mountain View, California, 94041, USA.*
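
Conditions (a) and (b) from the reply above, shown as an added example that is not part of the original message or of AppSensor's code. The `readings` table, its rows and the function names are assumptions made up for illustration; only the input `101 OR 1=1` comes from the thread.

```python
import re
import sqlite3


def make_db():
    # Constructed sample table; not data from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (station INTEGER, value REAL)")
    db.executemany("INSERT INTO readings VALUES (?, ?)",
                   [(101, 1.5), (102, 2.5), (103, 3.5)])
    return db


def concatenated(db, station):
    # (a) and (b) both hold: the field is pasted into the query text
    # and nothing validates it first.
    sql = ("SELECT station FROM readings WHERE station=" + station
           + " ORDER BY station")
    return [row[0] for row in db.execute(sql)]


def validated(db, station):
    # (b) removed: only a plain decimal integer reaches the query.
    if not re.fullmatch(r"[0-9]+", station):
        raise ValueError("station must be numeric")
    return concatenated(db, station)


def parameterized(db, station):
    # (a) removed: the value is bound as data and never parsed as SQL.
    sql = "SELECT station FROM readings WHERE station=? ORDER BY station"
    return [row[0] for row in db.execute(sql, (station,))]


if __name__ == "__main__":
    db = make_db()
    probe = "101 OR 1=1"  # the input quoted in the thread
    print("concatenated :", concatenated(db, probe))
    print("parameterized:", parameterized(db, probe))
    try:
        validated(db, probe)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The rejection raised in `validated` is the kind of event a detection point can record, since a legitimate client never sends a non-numeric station.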