Solved Form Combo Box Doesn’t Store Selected Value (Foreign Key Issue)

The_Doc_Man said:
When I was first taking the U.S. Navy's security courses, having something following the valid end of an SQL statement was described as SQL Injection. Perhaps at the time, multi-statement SQL sequences were less common. If I'm wrong about what to call it, so was the U.S. Navy in the 90's. They DID treat it as a broad-brush designation, however, so perhaps more modern systems now have different names for different facets of this symptom. Nomenclature DOES change over time, and I was dealing with SQL INJECTION issues in the 1990s with an early version of ORACLE.
Click to expand...
Injecting malicious SQL following a semi-colon is one method of hacking a database, but there is at least one other method.

For example,

SELECT * FROM users WHERE username = 'admin' AND password = '' OR 1=1;


In theory, that could return the list of users because of the " OR 1=1" part of the WHERE clause. It means, "Return the list of users where the username is 'admin' and there is no password for that user, or where 1=1" Since 1=1 is always true, the response would be all records.


SQL Injection, in other words, is an approach, not a specific SQL pattern. The use of a semi-colon to pass in a second, poison SQL statement is one of the ways it can be done.
 
You must log in or register to reply here.

Similar threads

A
Having trouble with a combo box
Replies
17
Views
814
Pat Hartman
P
Navy Ken
Not sure if this is a query, combo box, SQL or VBA problem
Replies
11
Views
609
Pat Hartman
P
B
Combo Box Search Issue
2
Replies
34
Views
1,361
MajP
MajP
M
When I select a value from the Section field, it should automatically combine with the corresponding values.
2
Replies
33
Views
585
MadPiet
M
V
How to display data in a combo box with a query
Replies
2
Views
256
Gasman
Gasman

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom