By tag: Hacking
Ban this user: Options
Please provide a reason for deleting this story
Stephen Walther's latest MVC tip introduced me to the MVC framework's ability to pass server variables into actions as parameters. Unfortunately using this feature is a very bad idea and could jeopardize the security of your application. Take a look at a code sample you might find surprising.
Explains SQL Injections, lets you perform a SQL injection against a live database, and explains how to mitigate the problem. If you are trying to get someone to write injection-proof code, I hope this will motivate them :)