Comments for vty.cc http://vty.cc networking with shoelaces Thu, 31 Mar 2011 17:18:58 +0000 hourly 1 Comment on Lizamoon.com knows SEO! Or how to fix an MSSQL injection. (NEW) –t6ryt56.info/ur.php by vty http://vty.cc/2011/03/29/lizamoon-com-knows-seo-or-how-to-fix-an-mssql-injection/comment-page-1/#comment-39 vty Thu, 31 Mar 2011 17:18:58 +0000 http://vty.cc/?p=63#comment-39 I've actually never tested with something such as quotes/double quotes, but I'd imagine it would be the same. Make sure you back up your database before testing this (I'm no DBA myself). SET @stringToFind = '"' SET @stringToReplace = '' I’ve actually never tested with something such as quotes/double quotes, but I’d imagine it would be the same. Make sure you back up your database before testing this (I’m no DBA myself).

SET @stringToFind = ‘”‘
SET @stringToReplace = ”

]]> Comment on Lizamoon.com knows SEO! Or how to fix an MSSQL injection. (NEW) –t6ryt56.info/ur.php by Stavros http://vty.cc/2011/03/29/lizamoon-com-knows-seo-or-how-to-fix-an-mssql-injection/comment-page-1/#comment-38 Stavros Thu, 31 Mar 2011 12:10:36 +0000 http://vty.cc/?p=63#comment-38 Nevermind mate...i figured it out! Nevertheless, i have another question... Can i use the same procedure to find and replace anything i want? e.g. There are many authorized users that submits articles in my system and although i specificaly instructed them NOT to use single or double quotes they still do... Can i use the same procedure in order to find and replace all double quotes ? And most of all.....HOW? :p P.S. I am not even close to newbie on SQL.... Nevermind mate…i figured it out!
Nevertheless, i have another question…
Can i use the same procedure to find and replace anything i want?
e.g. There are many authorized users that submits articles in my system and although i specificaly instructed them NOT to use single or double quotes they still do…
Can i use the same procedure in order to find and replace all double quotes ? And most of all…..HOW?
:p

P.S. I am not even close to newbie on SQL….

]]> Comment on Lizamoon.com knows SEO! Or how to fix an MSSQL injection. (NEW) –t6ryt56.info/ur.php by Stavros http://vty.cc/2011/03/29/lizamoon-com-knows-seo-or-how-to-fix-an-mssql-injection/comment-page-1/#comment-37 Stavros Thu, 31 Mar 2011 10:56:45 +0000 http://vty.cc/?p=63#comment-37 Could you please be more specific... when declaring... DECLARE @stringToFind VARCHAR(100) DECLARE @stringToReplace VARCHAR(100) DECLARE @schema sysname DECLARE @table I get error msg Msg 102, Level 15, State 1, Line 4 Incorrect syntax near '@table'. What am i doing wrong? Could you please be more specific…
when declaring…
DECLARE @stringToFind VARCHAR(100)
DECLARE @stringToReplace VARCHAR(100)
DECLARE @schema sysname
DECLARE @table

I get error msg
Msg 102, Level 15, State 1, Line 4
Incorrect syntax near ‘@table’.

What am i doing wrong?

]]>