How to prevent Illegal/Logically Incorrect Queries?
Illegal/Logically Incorrect Queries
1) Original URL:
http://www.arch.polimi.it/eventi/?id_nav=886
2) SQL Injection:
http://www.arch.polimi.it/eventi/?id_nav=8864'
3) Error message shown:
SELECT name FROM Employee WHERE id =8864\'
From the error message we can find out the names of the table and fields: name; Employee; id. With the information gained, an attacker can arrange more strict attacks.
Should I hide the error message behind a 404 error instead of showing all of it? Or is there any other method to prevent this?
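
An added example, not part of the original post: it contrasts a handler that echoes the database error with one that validates `id_nav` as an integer, binds it as a query parameter, and returns only a generic message while logging the detail server-side. Python's `sqlite3` stands in for the site's unknown stack, and the function names and sample row are assumptions made for illustration.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("eventi")

def make_db():
    # Constructed sample data; table and column names are the ones in the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employee (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO Employee VALUES (886, 'Alice')")
    return conn

def lookup_verbose(conn, raw_id):
    """The 'before': concatenated SQL, database error echoed to the client."""
    query = "SELECT name FROM Employee WHERE id =" + raw_id
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        return 500, f"{exc}: {query}"   # leaks table and column names
    return (200, row[0]) if row else (404, "Not found")

def lookup_hardened(conn, raw_id):
    """Validate the type, bind the value, keep error detail server-side."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "Invalid request"
    try:
        row = conn.execute(
            "SELECT name FROM Employee WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        log.exception("query failed ref=%s", ref)   # full detail goes to the log
        return 500, f"Internal error (ref {ref})"
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    for value in ("886", "8864'"):
        print(value, lookup_verbose(db, value), lookup_hardened(db, value))
```

Hiding the message alone only removes the leak; the bound parameter is what stops the malformed value from reaching the SQL parser at all.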