Filtering query words out of SQL

I have a little project I'm working on, and was just doing some random testing, when I figured out that I can directly inject from simply connecting to a port and running a certain thing.

The fix is rather nerve-racking to make, so I was wondering, is it possible to completely filter out a word from ANY query given to an SQL 2000 server?

That is, if a webpage, for example, sends the query "SELECT * FROM bob", can I have a filter in place so that if the word "bob" is sent, it ignores the query (on the ENTIRE SQL server)?

Or another form of a workaround?

Also, are there any other tools that can completely block an entire ISP from making remote connections to a server?

Any help is appreciated. Thanks.