Then my website was open to SQL injection and was exploited using Haviz. My question is about that program: you can place a placeholder in the format getVariable=%inject_Here%.
Now I know that in a statement you can use % as a wildcard.
Does the % symbol have any significance in the comparison? Or, with that structure, is it really looking for the string "%inject_Here%"?
I'm just trying to understand the format to help stop the injection.
Any help will be appreciated!
You can convert a string to a hexadecimal value. This is a website about doing this in SQL: It is easy to use this method to convert between strings and hexadecimal in any language. With this you can put any character in the string.
If you are actually using percentages in the mathematical sense, then it is not appropriate to store them as strings in your SQL. You should store them in a decimal format. An example of DECIMAL(P, S) is DECIMAL(5, 2).
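As an added example (not from the original question or answer), assuming Python's sqlite3 and a constructed three-row table, this shows the two points raised above: concatenating the search term into the SQL text lets a quote break the query's structure, and even a properly bound parameter still treats % as a LIKE wildcard unless it is escaped.

```python
import sqlite3

# Constructed sample data; the names are illustrative only.
ROWS = [("100% cotton shirt",), ("100 cotton shirts",), ("O'Brien's shop",)]


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products(name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", ROWS)
    return conn


def search_unsafe(term):
    """Vulnerable pattern: the user's term is pasted into the SQL text.

    A quote in the term changes the statement itself; here that surfaces as a
    syntax error, which we report as None. Any % in the term is a wildcard."""
    conn = _connect()
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    try:
        return sorted(row[0] for row in conn.execute(sql))
    except sqlite3.OperationalError:
        return None


def escape_like(term, esc="\\"):
    """Escape the LIKE metacharacters so % and _ in the term match literally."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_safe(term):
    """Hardened pattern: the term is bound as a parameter, so quotes cannot alter
    the statement, and escape_like() plus ESCAPE keeps % from acting as a wildcard."""
    conn = _connect()
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\'"
    return sorted(row[0] for row in conn.execute(sql, (pattern,)))


if __name__ == "__main__":
    print(search_unsafe("100%"))   # wildcard: both "100..." rows
    print(search_safe("100%"))     # literal: only "100% cotton shirt"
    print(search_unsafe("O'Brien"))  # None: the quote broke the query
    print(search_safe("O'Brien"))    # ["O'Brien's shop"]
```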