T-SQL Validation

  • I need to write a UDF that searches for invalid KEY WORDS in a user-defined SQL build. UPDATE and SELECT are the only ones that should be allowed. DROP, TRUNC, INSERT, etc. should not be allowed. Any help is appreciated.

  • I'd rather enforce that with SECURITY ROLES!

    My $0.02

    * Noel

  • noeld's idea is great. You can check with a UDF, but you must handle many possibilities, such as '--', '*' and other reserved characters.

    Beware of SQL Poisoning! For example, a SQL query can be poisoned by inserting two or more SQL queries after your original one, using termination characters such as '--' and ';'. Search the Internet for SQL Poisoning to learn more.

    Regards,
    kokyan
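
Added example, not part of any post above: the role-based approach Noel suggests, sketched in T-SQL so that the user-built SQL runs under a user that holds only SELECT and UPDATE. The schema `app`, table `app.Orders`, role `user_sql_role` and user `user_sql_runner` are assumed names, the rows and test statements are constructed, and the script assumes SQL Server 2012 or later.

```sql
-- Setup (assumed names; run in a scratch database).
CREATE SCHEMA app;
GO
CREATE TABLE app.Orders (Id int PRIMARY KEY, Status varchar(20) NOT NULL);
INSERT INTO app.Orders VALUES (1, 'new');  -- constructed sample row
GO
-- The role gets exactly the two operations the first post wants to allow.
CREATE ROLE user_sql_role;
GRANT SELECT, UPDATE ON SCHEMA::app TO user_sql_role;
-- Explicit DENY still applies if the user later gains other role memberships.
-- ALTER is what TRUNCATE TABLE and DROP TABLE need.
DENY INSERT, DELETE, ALTER ON SCHEMA::app TO user_sql_role;
-- A database user with no login: reachable only through impersonation.
CREATE USER user_sql_runner WITHOUT LOGIN;
ALTER ROLE user_sql_role ADD MEMBER user_sql_runner;
GO

-- Run constructed test statements as the restricted user.
DECLARE @tests TABLE (n int PRIMARY KEY, stmt nvarchar(400));
INSERT INTO @tests (n, stmt) VALUES
    (1, N'SELECT Id, Status FROM app.Orders;'),
    (2, N'UPDATE app.Orders SET Status = ''shipped'' WHERE Id = 1;'),
    (3, N'TRUNCATE TABLE app.Orders;'),
    (4, N'SELECT 1; DROP TABLE app.Orders; --');  -- stacked statement, as in the last post

DECLARE @n int = 1, @stmt nvarchar(400);
WHILE @n <= (SELECT MAX(n) FROM @tests)
BEGIN
    SELECT @stmt = stmt FROM @tests WHERE n = @n;
    BEGIN TRY
        -- The context switch lasts only for this dynamic batch.
        EXEC (@stmt) AS USER = 'user_sql_runner';
        PRINT 'allowed: ' + @stmt;
    END TRY
    BEGIN CATCH
        -- The engine refuses the statement; no keyword matching is involved.
        PRINT 'blocked: ' + @stmt + ' -> ' + ERROR_MESSAGE();
    END CATCH
    SET @n += 1;
END
```

Statements 1 and 2 run; 3 and 4 are rejected by the permission check, including the part that follows the ';' in statement 4.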
