Allow Unrestricted Use of Quotes and Apostrophes in User Input

Allow Unrestricted Use of Quotes and Apostrophes in User Input

There is no need to restrict your users’ ability to use apostrophes or quote characters in input. This simple filtering technique allows unrestricted use of quotes and apostrophes, and can help guard against many SQL injection attacks to boot.

SQL will accept either the quote (“) character or the apostrophe (‘) as a string delimiter, although the latter is preferred. If the string includes an embedded delimiter character, the string is terminated early, and what follows is treated as a new SQL statement, which is where the injection vulnerability comes into play. However, paired delimiter characters are treated as a single embedded non-delimiter character, which suggests the simple solution: use an apostrophe as the delimiter, and filter the string and replace every apostrophe with two apostrophes.

I use a standard function when generating dynamic SQL statments which takes a string as input and returns a bounded and filtered statement component. What follows is VBScript, but can easily be converted to any language. Note that the function returns the string ‘Null’ when the sIn argument value is an empty string.”

Public Function SQLBoundString(ByVal sIn)    If sIn = "" Then        SQLBoundString = 'Null'    Else        SQLBoundString = "'" & Replace(sIn, "'", "''") & "'"    End IfEnd Function
Share the Post:
Heading photo, Metadata.

What is Metadata?

June 1, 2023

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

May 24, 2023

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

May 23, 2023

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

May 22, 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

May 17, 2023

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

May 16, 2023

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

May 15, 2023

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

Show More