SQL injection attacks are nothing new, and hopefully everyone is already
protecting against them.

An interesting by-product of the standard defence against the basic SQL
injection attack (escaping each single quote by doubling it) is that it
lengthens the original value. When the command is built up as text in a
fixed-length variable, an attacker can supply a value whose escaped form fills
the variable exactly, so that the WHERE conditions are silently truncated off
the end of the command. The statement that actually runs then affects far more
data than the developer intended.
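The following T-SQL is an added example, not code from this post or from the MSDN article, showing the pattern end to end: a password-change procedure that splices escaped values into a varchar(128) command variable, a crafted new password whose escaped form lands the closing quote exactly on the variable's last character, and a parameterized rewrite (my choice of fix, using sp_executesql). Table, procedure, parameter and user names are hypothetical, and passwords are stored in clear only to keep the demonstration short.

```sql
-- Added example (not from the post or the MSDN article). Table, procedure and
-- parameter names are hypothetical; plaintext passwords only to keep it short.
CREATE TABLE Users (username sysname PRIMARY KEY, password sysname NOT NULL);
INSERT INTO Users (username, password)
VALUES ('alice', 'alice-pw'), ('bob', 'bob-pw'), ('admin', 'admin-pw');
GO

-- Vulnerable: the UPDATE is assembled as text in a fixed-width variable.
CREATE PROCEDURE dbo.SetPassword_Vulnerable
    @username sysname,
    @old      sysname,
    @new      sysname
AS
BEGIN
    -- 128 characters looks generous for "set password where user and password",
    -- but variable assignment silently drops whatever does not fit, and QUOTENAME
    -- doubles every single quote in @new, so the caller decides how much of the
    -- text survives.
    DECLARE @command varchar(128);
    SET @command = 'UPDATE Users SET password = ' + QUOTENAME(@new, '''')
                 + ' WHERE username = ' + QUOTENAME(@username, '''')
                 + ' AND password = '   + QUOTENAME(@old, '''');
    PRINT @command;   -- shows what actually runs after truncation
    EXEC (@command);
END
GO

-- Safe: values are passed as parameters of sp_executesql, so their length and
-- content cannot change the shape of the statement and no escaping is needed.
CREATE PROCEDURE dbo.SetPassword_Safe
    @username sysname,
    @old      sysname,
    @new      sysname
AS
BEGIN
    EXEC sp_executesql
        N'UPDATE Users SET password = @p_new
          WHERE username = @p_user AND password = @p_old',
        N'@p_new sysname, @p_user sysname, @p_old sysname',
        @p_new = @new, @p_user = @username, @p_old = @old;
END
GO

-- The attack. The prefix 'UPDATE Users SET password = ' is 28 characters. A new
-- password of 49 single quotes is doubled by QUOTENAME to 98 and wrapped in
-- quotes: 100 characters. 28 + 100 = 128, so the truncated command ends exactly
-- at the closing quote and the whole WHERE clause falls off. Without doubling,
-- 49 characters would only reach position 79 and the WHERE clause would survive.
DECLARE @payload sysname = REPLICATE('''', 49);
EXEC dbo.SetPassword_Vulnerable @username = 'alice', @old = 'not-even-right', @new = @payload;

-- Every row now holds the attacker's password, admin included; @old was never checked.
SELECT username, password FROM Users;

-- Same call against the safe version: no row matches the wrong @old, nothing changes.
EXEC dbo.SetPassword_Safe @username = 'alice', @old = 'not-even-right', @new = @payload;
GO
```

The PRINT line is the quickest check when auditing an existing procedure: if the text that is about to be executed can be shorter than the text that was concatenated, the length budget has already been decided by the caller. Any length validation on inputs has to be applied to the escaped form, not the raw value, and even then splicing values into a fixed-width variable is fragile; passing them as parameters removes the arithmetic entirely.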

Bala Neerumalla has written a detailed article for MSDN Magazine with
background on the attack methods, some excellent examples, and methods for
detecting and preventing SQL truncation attacks. Definitely worth reading
and implementing.
