Urgently. Correction login

[Призрак урана]

And so, today I received this error

Code:

2014-11-16 19:59:50 err=-1, [Microsoft][ODBC SQL Server Driver]Function sequence error, SQL STATE: HY010, NATIVE ERROR: 0 (0x0)

2014-11-16 19:59:50 GetUser(): err=-1, query=EXEC usp_Try_GameLogin_Taiwan ''drop table users_master--  ','adfadf', 4242741533062725633,'80.83.239.38', [Microsoft][ODBC Driver Manager] Invalid cursor state, SQL STATE: 24000, NATIVE ERROR: 0 (0x0)

2014-11-16 19:59:51 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Invalid object name 'Users_Master'., SQL STATE: 42S02, NATIVE ERROR: 208 (0xD0)

Table user_data simply removed when entering the game. I think that this may be a bug on many servers. Who can help with this fix?

[nubness]

Code:

SET @UserID = REPLACE(@UserID, '''', '')

Homework:
Write me an essay on SQL injection.
Must contain full description of how exactly it was used to delete the table on your server.

[Призрак урана]

Quote:

Originally Posted by nubness

Code:

SET @UserID = REPLACE(@UserID, '''', '')

Homework:
Write me an essay on SQL injection.
Must contain full description of how exactly it was used to delete the table on your server.

Very nice answer. I know it. But the problem is that the procedure is not even performed deletion occurs before performing.

[nubness]

Hmmm, you're right. I guess I can overlook things at 3 AM (that's my lame excuse for you).

There's a few solutions you might wanna try here:

Code:

DENY DELETE ON OBJECT::PS_UserData.dbo.Users_Master TO Shaiya (or whatever database admin name you have);

That's basically messing with permissions.

You can also create a new table with a foreign key referencing a column in the Users_Master. It will prevent the table from being dropped or truncated. For the delete instruction, you could do a trigger INSTEAD OF DELETE and have it do nothing.

These may not be the perfect solutions, but they can get it done.

Sorry for my previous post, I haven't checked it carefully.