0

I have a SQL Server 2005 database and that is effected by malicious contents on daily basis. Like links or scripts. That content is mostly added in the last of database varchar type column.

I want an instead of trigger that fires when an update query runs containing following tags: </a> or <img or <script.

And this trigger must cancel this update query.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
user1487542
  • 1
  • 1
    Shouldn't you check this in the application logic to tell the users that they are not supposed to user these tags and have a chance to fix the content they're trying to submit? – Marek Grzenkowicz Jun 28 '12 at 07:05
  • 2
    Why not fix the SQL injection problem? [I assume you mean something like this](http://stackoverflow.com/questions/8380233/can-someone-explain-this-sql-injection-attack-to-me) – Martin Smith Jun 28 '12 at 07:05
  • 2
    Sanitize the input *before* it gets near the database. And, preferably, use a whitelist rather than a blacklist. – Damien_The_Unbeliever Jun 28 '12 at 07:06

0 Answers0