
Hey Yo! SQLCMD may truncate your XML!

While trying to use SQLCMD to produce an app.config file, I encountered problems with the output being truncated. The script was similar to:

    DECLARE @appconfig XML
    SET @appconfig = '<configuration></configuration>'
    -- … Insert configuration nodes
    -- Output the config
    SELECT @appconfig as ApplicationConfiguration

The default options for SQLCMD produced output like:

    ApplicationConfiguration
    -------------------------
    <configuration><connecti (the value […]


SQL Truncation Attacks

SQL injection attacks are nothing new, and hopefully everyone is protecting themselves from them. An interesting by-product of the standard method of protection from the basic SQL injection attack (replace single quotes with two single quotes) is an increase in the size of the original value. When building a command in a variable, it's possible to truncate […]
