SQL Injection






hessfirm -> SQL Injection (6/10/2008 12:13:31)

This might be posted already... I would love to see any "Best Practices" on fighting the recent SQL injections when using the DRW. Does anyone have any advice?




BeTheBall -> RE: SQL Injection (6/10/2008 22:57:01)

http://www.frontpagewebmaster.com/m-352053/tm.htm#352053




hessfirm -> RE: SQL Injection (6/10/2008 23:05:32)

Thanks!

So then, in the following scenario, what is the difference between (strText) below and (TextIn) in the bottom example?

<%
Public Function fSanitize(strText)
    ' Replace returns a new string and leaves its argument untouched,
    ' so each result has to be assigned back to strText.
    strText = Replace(strText, "'", "''")
    strText = Replace(strText, ";", ",")
    strText = Replace(strText, "(", "")
    strText = Replace(strText, ")", "")
    strText = Replace(strText, "=", "")
    strText = Replace(strText, "xp_", "")
    strText = Replace(strText, "/*", "")
    strText = Replace(strText, "*/", "")
    strText = Replace(strText, "--", "")
    ' A VBScript function returns whatever is assigned to its own name.
    fSanitize = strText
End Function
%>

and this...

<%
Function StripQuote(TextIn)
TextIn = Replace(TextIn,"'","''")
StripQuote = TextIn
End Function


myVariable = StripQuote(Request.form("myTextField"))
%>





BeTheBall -> RE: SQL Injection (6/11/2008 9:44:53)

The first example strips out many characters while the second only replaces a single quote with two single quotes. You wouldn't need the second function if the field in question uses the first function.
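Both functions above only make sense when the input is spliced into a SQL string as a quoted literal; doubling quotes does nothing for a numeric column, where no quotes surround the value, and the character blacklist has to guess which characters matter. The added example below (not code from either poster in this thread) shows the classic ASP approach that avoids the escaping question entirely: the user input is bound as an ADODB parameter, so it never becomes part of the SQL text. The connection string, the Customers table, and the CustomerName/Region columns are placeholders assumed for the example.

```vbscript
<%
' Added example, not from the thread: a parameterised query in classic ASP via ADODB.
' ADO constants normally come from adovbs.inc; their values are inlined here so the
' page works without the include.
Const adCmdText    = 1
Const adParamInput = 1
Const adInteger    = 3
Const adVarChar    = 200

Dim conn, cmd, rs, strName, strRegion

' Read the raw form values; no escaping or character stripping is applied to them.
strName   = Request.Form("myTextField")
strRegion = Request.Form("region")

' Numeric inputs are validated as numbers instead of being "sanitised" as text.
If Not IsNumeric(strRegion) Then
    Response.Write "Region must be a number."
    Response.End
End If

' Placeholder connection string; replace with your own.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB;Data Source=DB_SERVER_PLACEHOLDER;" & _
          "Initial Catalog=DB_PLACEHOLDER;Integrated Security=SSPI;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' The "?" markers are bound to parameters below. Quotes, semicolons, comment
' markers or anything else in the input are treated as data by the driver, so
' the statement's structure cannot be changed by what the user typed.
cmd.CommandText = "SELECT CustomerID, CustomerName FROM Customers " & _
                  "WHERE CustomerName = ? AND Region = ?"

cmd.Parameters.Append cmd.CreateParameter("@name", adVarChar, adParamInput, 50, strName)
cmd.Parameters.Append cmd.CreateParameter("@region", adInteger, adParamInput, 4, CLng(strRegion))

Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode on output so database content is not interpreted as HTML.
    Response.Write Server.HTMLEncode(rs("CustomerName")) & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```

The parameter types (adVarChar with a length, adInteger with a validated number) are the point: the database receives a typed value for each placeholder, so a text field containing a single quote simply matches a name with a quote in it, and a numeric field cannot carry SQL at all. Stored procedures called through ADODB.Command with adCmdStoredProc get the same benefit.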









Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI