Fields in my tables are disappearing!

I am using a hosted MSSQL 2000 database that powers the backend of my
website. Website visitors interact with it via ASP pages I have
developed. I also have an internal FileMaker 7 database that
periodically synchs with it via Filemaker's ODBC functionality.

Several times now, I have come in one day to discover that my ASP pages
don't work. When I look into it, one of my MSSQL tables will be missing
a few fields. There is nothing in any of my code that sends an ALTER
TABLE command or any other command that affects table structure. These
deletions of fields is totally random.

The most recent example was with a table called FreeTeacherSubs. I just
discovered today that three fields went missing:

 HowDidYouHearAboutYE
S TEXT
FollowUpCallOrEmail         TEXT
HowMaterialsFit                TEXT

Suffice to say I am baffled! Has anyone ever experienced fields
disappearing from their tables?

Kevin

It may be something called SQL Injection.  From what I understand, if
you have a text box on your ASP page, then someone may be able to type
in a SQL statement and affect your database that way.  I don't really
know how it would work, but I bet if you google it, you'd find plenty
about it.  Of course, that may not be what is happening at all.  :)
Something to consider.

Jennifer

Kevin Audleman (audleman@quasika.net)  writes:
> I am using a hosted MSSQL 2000 database that powers the backend of my
> website. Website visitors interact with it via ASP pages I have
> developed. I also have an internal FileMaker 7 database that
> periodically synchs with it via Filemaker's ODBC functionality.
>
> Several times now, I have come in one day to discover that my ASP pages
> don't work. When I look into it, one of my MSSQL tables will be missing
> a few fields. There is nothing in any of my code that sends an ALTER
> TABLE command or any other command that affects table structure. These
> deletions of fields is totally random.
>
> The most recent example was with a table called FreeTeacherSubs. I just
> discovered today that three fields went missing:
>
>  HowDidYouHearAboutYE
S TEXT
> FollowUpCallOrEmail         TEXT
> HowMaterialsFit                TEXT
>
> Suffice to say I am baffled! Has anyone ever experienced fields
> disappearing from their tables?

One possbility is that the hosting company for some reason restored a
backup. In this case, the columns would be the most recently added.

Jennifer suggested SQL injection, and indeed, if you build your SQL
statements entirely dynamically, and don't parameterise them, your
site could be open to SQL injection. In this case an attacker drops
columns, because, well, he feels like it.

That Filemaker thing you mentioned, what synchs with what. Does your
database sync with Filemaker? In such case, if it synchs the schema
could that have effects?


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pr...oads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodin...ions/books.mspx