http://bdwebster.com/2008/07/02/sql-injection-prevention-ids-in-the-query-string/ Web Development and Other Ramblings Sun, 27 Mar 2011 02:53:15 +0000 hourly 1 http://wordpress.com/ http://bdwebster.com/2008/07/02/sql-injection-prevention-ids-in-the-query-string/#comment-484 Wed, 09 Jul 2008 15:06:58 +0000 http://bwebster.wordpress.com/?p=80#comment-484 If there’s one thing I’ve learned in the work I’ve done, it’s that you should never trust any data coming at you from the web. No matter what it is, clean it and verify it. Expecting an integer? Make sure it’s an integer and nothing else before you deal with it. Expecting a string? Make sure it’s exactly what you expect, nothing more, nothing less. You should never accept any input from the web without an exact specification for what it is and a handling of all cases outside of that specification.

]]> http://bdwebster.com/2008/07/02/sql-injection-prevention-ids-in-the-query-string/#comment-482 Thu, 03 Jul 2008 20:26:32 +0000 http://bwebster.wordpress.com/?p=80#comment-482 [...] Brian Webster – Blog Web Development and Other Ramblings « SQL Injection Prevention: ID’s in the Query String [...]

]]>