Hi, From last few weeks I am facing unknown issue on MS SQL database, I have 100 XP windows machines with MSDE 2000, MS SQL 2005 Express edition on few database table values are replace with special character automatically. I faced this issue on three different machines on different tables; suppose actual value is **bafasd459** it got changed with **bafasd45`** and replaces last character with special character value. I got this issue on single row column value only not all column rows of table. Database systems are on WAN. Is it the case of SQL Injection Attacks? Is SQL Injection is possible on Desktop Application? (Delphi Desktop application on MS SQL) What things should I check to indentify the issue?
To answer the question about is SQL injection possible on a desktop application - yes! SQL injection can happen ***anywhere*** where you are not sanitising your input and using that input to build dynamic queries. Don't be fooled into thinking that because your application isn't public facing (i.e. on a website) that it isn't prone to attack. A lot of attacks happen from within organizations!