Network World

Anatomy of SQL injection attack

While there are a number of security risks in the world of electronic commerce, SQL injection is one of the most common Web site attack techniques used to steal customer data such as credit card ...
Ars Technica

ADO.NET parameterized query

I have been using the SQLcommand in .NET to construct a parametrerized dynamic query. It has always worked, however, when I try to put a parameter in the IN clause, the parameter is not ...
CSOonline

What is SQL injection? How these attacks work and how to prevent them

Immortalized by “Little Bobby Drop Tables” in XKCD 327, SQL injection (SQLi) was first discovered in 1998, yet continues to plague web applications across the internet. Even the OWASP Top Ten lists ...
Linux Journal

Drupageddon: SQL Injection, Database Abstraction and Hundreds of Thousands of Web Sites

Drupal is a very widely used open-source content management system. It initially was released in 2001, and recent statistics show Drupal as the third-most popular content management system, with just ...
Ars Technica

.NET SqlParameter.. single quotes not escaped???

Hey guys,<BR><BR>I have an app that's been deployed a while and today I get some complaint that it's crashing. So I go and investigate and narrow down the problem to a single quote that is finding ...