Defenses against Piggybacking SQL Commands

- Web applications must be programmed to carefully filter user-supplied data
- Potentially damaging characters (such as ' " ` ; * % _) should be filtered at the server side
- World Wide Web Security FAQ: http://www.w3.org/Security/Faq/www-security-faq.html
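Added example, not part of the slide: a Python/sqlite3 sketch of the server-side character filter the slide describes (using its list of characters), placed beside a parameterized query so the two defenses can be compared on a constructed piggybacked input. The table, column and function names are assumptions made for the illustration.

```python
import sqlite3

# Characters the slide lists as potentially damaging: ' " ` ; * % _
DANGEROUS = set("'\"`;*%_")


def contains_dangerous_chars(value: str) -> bool:
    """Server-side filter as on the slide: reject input that holds any listed character."""
    return any(ch in DANGEROUS for ch in value)


def build_concatenated_query(username: str) -> str:
    """The fragile pattern the filter guards: user data spliced straight into SQL text.
    Returned as a string only, never executed here."""
    return "SELECT id FROM users WHERE name = '" + username + "'"


def lookup_user(conn: sqlite3.Connection, username: str):
    """Parameterized lookup: the driver binds username as a value, never as SQL text."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None


def user_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


if __name__ == "__main__":
    conn = make_db()
    piggybacked = "alice'; SELECT * FROM users; --"  # constructed sample input
    print(contains_dangerous_chars("alice"))         # False
    print(contains_dangerous_chars(piggybacked))     # True: both ' and ; trip the filter
    print(contains_dangerous_chars("O'Brien"))       # True: the filter also rejects a legitimate name
    print(build_concatenated_query(piggybacked))     # shows the second statement spliced into the SQL text
    print(lookup_user(conn, piggybacked))            # None: bound as a literal, no match
    print(lookup_user(conn, "alice"))                # 1
    print(user_count(conn))                          # 2: the table is untouched
```

The third print shows the cost of a pure character blacklist: a real surname containing an apostrophe is rejected, while the parameterized query handles it and the piggybacked input alike as plain data.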