We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...
Are these hackers cargo cultists? Or am I missing something?
I am working on a web application that uses both ASP classic and ASP.NET pages. We need to validate user input to avoid attacks like SQL injection. Can a component be created that both page types can use? Is that the best approach? Would I simply use pattern matching to validate strings and/or remove any unwanted characters?
I'm looking for some direction in writing a SELECT statement that will allow me to identify the three most recent records in a table, specifically their unique ID numbers.
Because the records may not be continuous or sequential, due to a record being deleted from the table in another part of the app, I cannot do something simple like order the statement by DESC and then grab the largest ID and subtract 1 and 2 from that number to get the three IDs I'm looking for.
I would like to embed an include that fetches the top 3 or 5 most recent topics on my message boards and have them show up on my home page or any other page. They would be linked to that topic discussion. If you look at the bottom of SitePoint.com it would be like that include. I'm using the Snitz Forums on my site if that helps. Is there an easy way to do that?
I'm using SQL to pull records from our db but my query is returning all results in the db table and I only want the most recent entry. There is a date_time column in the format MMDDYYYY HH:MM:SS and I'm using that to order by then writing only the first line which works, but is very slow since there are a lot of records to go through.
What I'm looking for is a way to only retrieve that most recent record instead of pulling them all, then ordering them. Would I be able to use the MAX function for something like this? Does MAX work with a date_time field?
I have created an ASP form which I want to use to retrieve attachments from my site users. I am using the AspUpload component on the server to upload the attached file to a specific location on the server. Although I am able to upload the attached file to the server, what I created to retrieve the attachment from mail is not working.
Can anyone help me make a form or code to retrieve the uploaded file as an attachment through mail?
Here is the file where the user fills in his information and attaches his CV....
I have a number with a decimal point that I always want to round upwards to the nearest whole number. Now I can use the round(No.) function and this works for any value of .5 and above; the problem is the lower .1 .2 .3 .4. So an example:
If I get the number 14.2 I want the output to be 15.
I've created a freight calculator that needs to know how many pallets I'm shipping. I'm using 1 pallet for 750lbs and an extra pallet for anything more than that.
If materialWeight <= 750 Then
    numPallets = 1
Else
    numPallets = Round(materialWeight / 750)
End If
Now, let's say the materialWeight/750 ends up being 3.2. This is returning 3, but I need it to return 4 since we need an extra pallet.
How can I make it Round up to the next whole number? If it turned out to be an exact number without a decimal then it should stay where it is, but if it's over x.0 at all it should go up to the next whole number.
I'm working on finishing a project that was started by someone else who no longer works here. It's an ASP page that takes a whack of numbers from a db, and makes 'em look all pretty in tables (it's a remake of an Excel spreadsheet). The problem is some of the numbers are not appearing properly. I'm thinking it's because they used Round() sometimes and formatNumber() other times. The question is... do these functions handle numbers differently? I know formatNumber can do more than just round but I just need it to make the numbers 1 or 2 decimals.
For example, x = 3.14. I want to round up to 1 decimal. If I were to use round(3.14), I will get 3.1; however, I want to round up, expecting to get 3.2.
How do I round off numbers? I have tried 2 different ways but am hitting a dead end. Say for example the number stored in my variable is
strnum="112"
I want to round it to 115 so my new value will be strnum="115". So if it's 113 it should be rounded to 115. If it's 116 or 117 or 118 or 119 it should be 120. If it's 111 or 112 or 113 it should be 115. How can I round the numbers?
How can I round the value to the nearest whole number? I have searched on math.round but cannot get it to function. Here is how I am getting the results if not division by zero. Code:
If I have a number that looks like 32.3, 15.5, 30.1 etc, I always assumed Price = Round(Price,2) is actually rounding a figure into a whole number or putting 32.30 etc.
So how exactly do you round the figure to a whole number or put a zero at the end of it? I was thinking of formatNumber but I can't remember if there is a function for that.
If I do not set the l_b and l_n to NULL then if the next l_niin is null value, I will get the l_n value of previous one only, l_b is still null. I wonder why.
I recently built a login page and a friend of mine was working on something similar and said that I need to protect the login from SQL injection. I am not really sure what exactly that is. I think I have a rough idea but can someone explain it to me? In addition, I will need to obviously protect what I built and am not sure how to go about doing that either.
if anybody has a list of dodgy characters that can be used for SQL injection attacks so that I can figure out a way to strip them from user inputs? Also, if somebody was filling in a form that inserts into a "memo" field in Access, could this be used to launch such an attack or would whatever they type simply be inserted into the field? I hope that bit is clear. I have a form field "message" which is a multi-line text box; if someone typed into that box
DELETE * FROM Messages WHERE MessageID =1205
or some other command, would that simply be inserted into the database or would the server try to execute the command?
I have heard a lot about SQL injection. I was wondering how an injector comes to know about the table/column names when they cannot see the ASP code in a website?