We recently ran a PCI check on our website to see if it was totally secure.
In the report, it was noted that we have got 6 security holes.
The error we are getting is:
The following CGI script seem to be vulnerable to various SQL injection techniques.
This error was being shown for a value from a html form called 'what', which would always have a value of '1'.
In order to try and solve the problem, i have changed the value of what from '1' to Clng(1) which i believe should only allow numbers, therefore not allowing SQL injection to be done, however the problem is still arising.
I wondered if anyone could help with this.