I've been logging many attempts for a while now to hack our site with SQL injection attempts. Our own code is setup to prevent this but I see many attempts on the webresource.axd and scriptresource.axd files which indicate that people are attempting to hack those, probably with an automated bot.
So here is what I'd like to know: - What are accepted values for the format of the d and t values? - Would a space, single quote or equals character be eliminated by virtue of how the string is constructed?
I'd like to code for what I expect since this is good defensive practice.
If someone is trying to hack my site I can then pick up that information and cut them off right away.
