I have to fix some security problems in a non-IT app that was assigned to keep us this Microsoft Access Front -end (SQL Server Back-End).
Does anybody know that SQL injection can be done through the records of SourceSource or Microsoft Access Control Roosource property? For example, if I set the record resource of the listbox to
This is definitely a quick fix ... this application is being redesigned and later this year, access (yay!) Has gone out. Thank you in advance! If you are combining string, then you are weak. , then me SomeListBox.Recordsource = 'SELECT * SomeTable WHERE SomeField =' '' & amp; Me.txtSomeTextBox & amp; '' '. * I'm not sure whether Microsoft has created or prevented those properties, so I'm thinking that I should run that Me.txtSomeTextBox through the cleanup function.
No comments:
Post a Comment