Why can't we use the word S E L E C T?

Anytime I try to post a comment that includes the word "" (S E L E C T without the spaces, in case it's deleted here too!) the word is deleted from the post. The rest of the sentence is there, but the "s-word" is missing. This is really a pain.

Does anyone know why this happens, and can it be fixed? Sorry if this has been asked a million times, but I searched and didn't find anything.

If you think I'm crazy and want to see it in action, look here: https://www.wincustomize.com/window.asp?Cmd=COMMENTS&Lib=34&SkinID=57


Thanks,

Will
10,538 views 28 replies
Reply #1 Top
Apparently a lot of database specific control words aren't working. I believe it is being worked on, though.
Reply #2 Top
try typing D E L E T E (without the spaces)
Reply #3 Top
and |nsert.

I just work by using the | instead of the L's. Or I just use 1337 sp34k. $313c7, !n$3r7, d31373.
Reply #4 Top
Delete Select Insert .... just capitalize the words.



Reply #5 Top
Yes, I was just going to say the same as Koasati. Just start the word with a capital and it'll be fine. Problem is that we had some security issues and that's the quick fix that was found. Delete, Insert, Select...
Reply #6 Top
Yep..... The best fix for SQL Injection Hacks, which can be pretty nastified, is simply to filter the words from use
Reply #7 Top
delete < needs to be added again

[Message Edited]
Reply #8 Top
funny... I don't think I have used that word here....



Reply #9 Top
I'd say it was the quickest fix for SQL injection hacks, not the best.
Reply #10 Top
Test: delete, insert, select.

Cool, it works.


[Message Edited]
Reply #11 Top
what does?
Reply #12 Top

Using URL encoded characters, I can type the above words.

Reply #14 Top
delete

test
Reply #15 Top
Hmm....very cool. So how come, instead of removing the words, we just replace them with those?
Reply #16 Top
Just left a message to Pat regarding this.
Reply #18 Top
Filtering input on SQL statements is a bad solution. It's like preventing burglars from breaking in by covering your house in concrete.

The correct solution would be to escape the text before entering it into the database. Escape all binary code or anything that could break the query.
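An added example, not part of the original post or the site's own code: it contrasts the keyword-stripping quick fix described in this thread with passing the comment as a bound parameter (a swapped-in technique, used here in place of the manual escaping the reply mentions). The filter function, table name and sample comment are hypothetical and constructed for illustration, and SQLite stands in for the site's database.

```python
import sqlite3

# Words the thread reports as stripped; per the replies the filter is
# case-sensitive, so capitalized forms pass through untouched.
BLOCKED = ("select", "insert", "delete")

def keyword_filter(text):
    """Hypothetical reconstruction of the quick fix: drop lowercase keywords."""
    for word in BLOCKED:
        text = text.replace(word, "")
    return text

def store_concatenated(db, text):
    """Filter, then build the statement by string concatenation."""
    db.execute("INSERT INTO comments (body) VALUES ('"
               + keyword_filter(text) + "')")

def store_bound(db, text):
    """Send the comment as a bound parameter; it is never parsed as SQL."""
    db.execute("INSERT INTO comments (body) VALUES (?)", (text,))

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (body TEXT)")
    # Constructed sample comment: an ordinary sentence with a keyword
    # and an apostrophe.
    comment = "Please select the blue skin, it's the best"
    results = {"filtered": keyword_filter(comment)}
    try:
        store_concatenated(db, comment)
        results["concat_ok"] = True
    except sqlite3.OperationalError:
        # The apostrophe closed the string literal early: the filter
        # mangled the text yet did nothing about quoting.
        results["concat_ok"] = False
    store_bound(db, comment)
    results["stored"] = [r[0] for r in db.execute("SELECT body FROM comments")]
    return results

if __name__ == "__main__":
    print(demo())
```
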
Reply #19 Top

That sure would prevent the burglars from coming in now, wouldn't it?

Listen, we got aware of the problem, we shut down the site, Pat made this quick fix and we're back up and safe now. WC 2k4 is coming soon so let's not panic, k?

Reply #22 Top
yeah!! WIN2k4

I hope they keep the blogging ability in there!!!
Reply #24 Top
Umm....win2k5 is coming soon, isn't it?
Reply #25 Top
Oh I don't know anymore. But if it's 2k5, it's still scheduled for 2k4 though, afaik.