Replies to post #62246 on The Question and Answer Board (IHUB)

[Mattu]

Edit_profile is the name of the ASP, which is public knowledge, it's not the name of a column.

[Bob Zumbrunnen]

We weren't discussing field names in the db (SQL Server) and giving the names of ASP files is not a security risk as far as I know. Besides, anyone can look at their URL to determine what ASP module is in use at the time. For example, as I'm writing this, I can look up and see I'm using post_reply.asp and the querystring that was passed to it.