Welcome To The Home Of The Visual FoxPro Experts  
From: Borislav Borissov (Sofia, Bulgaria)
To: Eric den Doop (Houten, Netherlands)
Subject: RE: Is SEARCH working?
Thread ID: 189352 Message ID: 189419 # Views: 1 # Ratings: 0
Version: Not Applicable Category: Foxite: feedback
Date: Thursday, August 14, 2008 8:45:01 PM         
   


> >
> > Why not refuse the whole query if injection attack is involved in query?
>
> Sure, that would be the best solution, but the current implementation doesn't work that way. It strips out any unwanted (unnamed) parameters (the SQL injection) and then continues with the other parameters. The reason for this is backwards compatibility with old links and human errors (typos).
> --
> Eric den Doop
> www.foxite.com - The Home Of The Visual FoxPro Experts

As for human error, it is easy: just ignore the request and tell the searcher that something is wrong in the search string, not as a message box but as a result of the search :-). Maybe a messageBox is better because it will block the bots, but I am not sure about this.
As for backwards compatibility - forget it. Did you see what problems MS has with it :-)
Just tell us: From now on these are the rules for searching ... all the rest will be ignored.
BTW is VFP still a backend?
-----------------
Borislav Borissov

Against Stupidity the Gods themselves Contend in Vain - Johann Christoph Friedrich von Schiller
The only thing normal about database guys is their tables.
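
The two policies discussed in this message, side by side, as an added example that is not part of the original post and is not Foxite's code: stripping unknown parameters and continuing, versus refusing the whole query and returning the refusal as the search result. The parameter names `q` and `page`, their validators and the sample query strings are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Hypothetical allowlist: parameter name -> validator for its value.
ALLOWED = {
    "q": lambda v: 0 < len(v) <= 100,
    "page": lambda v: v.isdigit() and len(v) <= 4,
}

def parse_lenient(query_string):
    """Policy described in the quoted reply: drop unknown parameters, keep going."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return {name: value for name, value in pairs if name in ALLOWED}

def parse_strict(query_string):
    """Policy proposed in the post: one bad parameter refuses the whole query.

    Returns (params, None) on success or (None, message) on refusal; the
    message is meant to be shown to the searcher as the search result.
    """
    try:
        pairs = parse_qsl(query_string, keep_blank_values=True, strict_parsing=True)
    except ValueError:
        return None, "Malformed search string."
    params = {}
    for name, value in pairs:
        if name not in ALLOWED:
            return None, f"Unknown search parameter: {name!r}"
        if name in params:
            return None, f"Repeated search parameter: {name!r}"
        if not ALLOWED[name](value):
            return None, f"Invalid value for search parameter: {name!r}"
        params[name] = value
    return params, None

# Constructed sample query strings, not taken from the site.
GOOD = "q=grid+refresh&page=2"
TYPO = "q=grid&pgae=2"                 # human error: misspelled parameter name
EXTRA = "q=grid&page=2&sort=name%27"   # unexpected extra parameter

if __name__ == "__main__":
    for qs in (GOOD, TYPO, EXTRA):
        print(qs, "| lenient:", parse_lenient(qs), "| strict:", parse_strict(qs))
```

Either policy only decides which parameters reach the search code; the values that pass should still be bound as query parameters rather than concatenated into SQL.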

ENTIRE THREAD

Is SEARCH working? Posted by Yuri Rubinov @ 8/14/2008 2:39:25 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 4:14:08 PM
RE: Is SEARCH working? Posted by Yuri Rubinov @ 8/14/2008 5:05:24 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 5:17:33 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 6:04:20 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 6:15:22 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 7:36:45 PM
RE: Is SEARCH working? Posted by Borislav Borissov @ 8/14/2008 8:45:01 PM
RE: Is SEARCH working? Posted by Eric den Doop @ 8/14/2008 9:41:43 PM