Tag Archives: sql

Search opening square bracket in SQL query with LIKE operator


Hi,

In my previous post, I’ve identified an issue of file name with square bracket in Amazon S3 URL wasn’t opening in FireFox.

So my next job was to rename the files, and update the path in database.

I wanted to search how many path has ‘[‘ or ‘]’ bracket in file name (consider attachment as SQL table column name for convenient).

I wrote like:

WHERE attachment LIKE '%[%'

But this will not work. When I see MSDN link I came to know that % and [ are used as wild card characters, and I mixed them!!

Then I thought escaping it might work

WHERE attachment LIKE '%\[%'

Silly huh! finally I came up with following:

WHERE attachment LIKE '%[\[]%'

Classic ASP SQL injection prevention by using query parameter


Hello friends,

Recently I got a client email that his site is affected by malware and Trojan virus. Google safe browsing tool and other firewall security gateway was blocking some of the site URLs.

Site was written in classic asp long ago by other company. When I look into the file contents, no files were modified. Normally if hackers get the ftp details then they modify files and add some iframe code that will load other virus affected sites. But this wasn’t case here. So there may be a case of SQL injection. When I looked into database tables, I found some of the fields with having some html code. That html code was loading other sites which are virus infected. Our site is not allowing anyone to add/edit records, however records were modified. This was done by SQL injection using query string parameter.

I looked into some of the pages, and I found page that lists records and records were filtered by some condition and by query string parameter.

In classic asp, most of the developers write an SQL query like following:

sql = " SELECT * FROM table WHERE id = " & Request("id") 

Executing such query easily opens a way for SQL injection. We must need to validate the variables used in SQL query.

Fortunately, we can do it by adding parameters in SQL query. Basically we need to create ADODB command object. A detailed example is show bellow:

<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Your connection string"

set cmd = server.createobject("ADODB.Command")
sql = " SELECT * FROM table WHERE id = ? or name like ?"

cmd.ActiveConnection = conn
cmd.CommandText = qText
cmd.CommandType = adCmdText
cmd.CommandTimeout = 900
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, ,request("id"))
cmd.Parameters.Append cmd.CreateParameter("@name", adVarchar, adParamInput, 50, "%" & request("name") & "%")

set rs = cmd.Execute

Set rs = Nothing

Set conn = Nothing
%>

Also note that, when you add or append a parameter, name is not much important. Parameter position is the important thing. First ? mark will be replaced by first parameter and second ? mark with second parameter.

Please note that here we have used some VB constants. You need to declare them somewhere. You can include this asp file on the top of your page.

Bug – count() function in ColdFusion query of query


Hi,

It has been a great time since I started working on ColdFusion. I must say that it is the easiest language in the world and yet it is a powerful and can be compared to any major programming language.

In last few days, I was using ColdBox and MockBox framework in our current project. I was using query of query which is very similar to SQL query, and we can use it over query object in ColdFusion.

Count() is a math function, but if we use it with select statement like count(*), it returns a number of rows fetched in select query. I used it query of query, and it was giving me the correct count if my select statement is returning some rows, but if it is not returning any row then ideally it should give 0 as output, but it gives [empty string].

I must need to come out of this issue, and I used a recordCount property of returning object, but you can also use CodlFusion function val() to convert the empty string to 0.

I can state that it is a bug base on the answer I get from the community. See my question on Stack Overflow Community. Still I will wait for some time if it is appropriate I’ll report it to ColdFusion bug tracking system.