
RE: yet another injection question

From: David Cameron <dcameron(at)itis-now.com>
Date: Tue Apr 15 2003 - 21:01:29 EDT


The error is very simple. You are inserting a NULL into a column that does not allow a NULL. Whether you filled in an HTML field in some form is barely relevant. This also has nothing to do with SQL injection or web app security, except that by displaying this error you are providing information about your database.

I'm guessing we are talking ASP here from the fact that you are running SQL7; however, this also applies to PHP.

<simplification>
Inserting data in web apps generally happens in the following form. Fill in HTML form and submit. The HTML form submits to a page that reads the POSTed data (Request, Request.Form in ASP, $_POST php). From this data either a SQL statement is generated (INSERT INTO tbl (<columns>) VALUES (<values>)) and executed, or a stored procedure is executed with a command object. </simplification>

With that in mind the error is going to come from one of two sources: 1. forgetting to set a value in the INSERT statement (hence defaulting to NULL), i.e. not enough columns in the VALUES (). 2. explicitly setting a value to NULL.

Judging from the question I'd suggest 1. is more likely. That means that either in your proc or your generated SQL statement you have missed a column. That is, you have not correctly mapped the fields from the HTML form to the columns of your database.

This question is more suited to an ASP (or PHP) mailing list, not a web application security list. I'd suggest looking into some of the lists that are out there. http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=asp+mailing+list

regards
David Cameron
nOw.b2b
dcameron@itis-now.com

> -----Original Message-----
Received on Tue Apr 15 22:24:37 2003
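
The two points in the message above (a form field left unmapped reaches a NOT NULL column as NULL, and echoing the database error tells the visitor about the schema) can be reproduced offline. This is an added example, not code from the original post: Python's sqlite3 stands in for ASP/PHP on SQL Server 7, and the `users` table, its columns and the function names are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("signup")

# Hypothetical form-field -> column mapping; every NOT NULL column is listed.
FIELD_TO_COLUMN = {"username": "username", "email": "email", "city": "city"}
REQUIRED = ("username", "email")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(username TEXT NOT NULL, email TEXT NOT NULL, city TEXT)")
    return db

def buggy_insert(db, form):
    """Source 1 from the message: email is never mapped, so it defaults to NULL."""
    try:
        db.execute("INSERT INTO users (username, city) VALUES (?, ?)",
                   (form.get("username"), form.get("city")))
    except sqlite3.IntegrityError as exc:
        return str(exc)  # shown to the browser, this names the table and column
    return None

def insert_user(db, form):
    """Insert POSTed form data; return (ok, message safe to show the visitor)."""
    # Blank and absent fields both become None, and are rejected before the
    # database is touched if the column is required.
    values = {col: (form.get(field) or "").strip() or None
              for field, col in FIELD_TO_COLUMN.items()}
    missing = [f for f in REQUIRED if values[FIELD_TO_COLUMN[f]] is None]
    if missing:
        return False, "Please fill in: " + ", ".join(missing)
    columns = list(values)  # names come from the fixed mapping, never the form
    sql = "INSERT INTO users ({}) VALUES ({})".format(
        ", ".join(columns), ", ".join("?" for _ in columns))
    try:
        with db:  # commit on success, roll back on error
            db.execute(sql, [values[c] for c in columns])
    except sqlite3.Error:
        # Full detail goes to the server log; the visitor gets a generic message.
        log.exception("insert into users failed")
        return False, "Sorry, your details could not be saved."
    return True, "Saved."
```
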


This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT

