views:

6

answers:

0

We are using .nettiers as our DAL and also using the Utility.DetectSqlInjection for extra security.

We hit an odd error today, Someone tried to enter "Executive" into a title textbox, and the Utility.DetectSqlInjection is saying this is an injection attack.

It looks as thought it is seeing the "EXEC" command used to execute sql commands.

Has anyone seen this, or had this occur? Any solution or has .nettiers taken care of this in newer versions?