SQL Injection

All Forums >> Web Development >> ASP and Database >> SQL Injection

hessfirm
SQL Injection - 6/10/2008 12:13:31   
This might be posted already... I would love to see any "Best Practices" on fighting the recent SQL injections :) when using the DRW. Does anyone have any advice?

_____________________________

Steve Hess
BeTheBall
RE: SQL Injection - 6/10/2008 22:57:01   
http://www.frontpagewebmaster.com/m-352053/tm.htm#352053

_____________________________

Duane

Some people are like Slinkies . . . Not really good for anything . . . . . But they still bring a smile to your face when you push them down a flight of stairs.

(in reply to hessfirm)
hessfirm
RE: SQL Injection - 6/10/2008 23:05:32   
Thanks!

So then, in the following scenario, what is the difference between (strText) below and (TextIn) in the bottom example?

<%
' Strips or doubles the characters most often seen in injection strings.
' Replace() returns a new string, so each result has to be assigned back
' to strText, and the function has to return the final value.
Public Function fSanitize(strText)
    strText = Replace(strText, "'", "''")
    strText = Replace(strText, ";", ",")
    strText = Replace(strText, "(", "")
    strText = Replace(strText, ")", "")
    strText = Replace(strText, "=", "")
    strText = Replace(strText, "xp_", "")
    strText = Replace(strText, "/*", "")
    strText = Replace(strText, "*/", "")
    strText = Replace(strText, "--", "")
    fSanitize = strText
End Function
%>

and this...

<%
' Only doubles single quotes so the value can sit inside a quoted SQL literal.
Function StripQuote(TextIn)
    TextIn = Replace(TextIn, "'", "''")
    StripQuote = TextIn
End Function

myVariable = StripQuote(Request.Form("myTextField"))
%>



_____________________________

Steve Hess

(in reply to BeTheBall)
BeTheBall
RE: SQL Injection - 6/11/2008 9:44:53   
The first example strips out many characters while the second only replaces a single quote with two single quotes. You wouldn't need the second function if the field in question uses the first function.

_____________________________

Duane

(in reply to hessfirm)
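Both functions in the thread try to make user input safe to paste into a SQL string. The approach that removes the need for either is to send the value as a parameter, so the database never parses it as SQL. The following classic ASP page is an added example and is not code from the thread or from the DRW; the table Members(MemberID, Username, Email), the Application("connString") setting and the form/query-string field names are assumed placeholders. It shows the concatenation pattern the thread's functions are patching (never executed here) next to two parameterized lookups, one for a text column and one for a numeric column.

```vbscript
<%
Option Explicit
' Added example, not from the original thread. Assumed schema:
' Members(MemberID, Username, Email); connection string in Application("connString").

' Standard ADO constants (values as in adovbs.inc)
Const adCmdText    = 1
Const adParamInput = 1
Const adInteger    = 3
Const adVarChar    = 200

' --- 1. String concatenation: what fSanitize/StripQuote try to patch up ---
' Even with StripQuote applied, a numeric column that is not quoted in the
' SQL text gets no protection, because the input never needs a quote there.
Dim sqlBad
sqlBad = "SELECT Username, Email FROM Members WHERE MemberID = " _
       & Request.QueryString("id")          ' VULNERABLE: shown only for contrast

' --- 2. Parameterized queries: input is bound as data, not parsed as SQL ---
Function FindMemberByName(cn, userName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Username, Email FROM Members WHERE Username = ?"
    ' CreateParameter(name, type, direction, size, value). Quotes, semicolons
    ' and comment markers inside userName arrive as data; no Replace() needed.
    cmd.Parameters.Append cmd.CreateParameter("@Username", adVarChar, adParamInput, 50, userName)
    Set FindMemberByName = cmd.Execute
End Function

Function FindMemberById(cn, memberId)
    Dim cmd
    ' Reject non-numeric input before binding; CLng would raise on garbage anyway.
    If Not IsNumeric(memberId) Then Err.Raise 5, "FindMemberById", "id must be numeric"
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Username, Email FROM Members WHERE MemberID = ?"
    cmd.Parameters.Append cmd.CreateParameter("@MemberID", adInteger, adParamInput, , CLng(memberId))
    Set FindMemberById = cmd.Execute
End Function

' Usage: look up the posted name and render the results, HTML-encoded.
Dim cn, rs
Set cn = Server.CreateObject("ADODB.Connection")
cn.Open Application("connString")

Set rs = FindMemberByName(cn, Request.Form("myTextField"))
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Username")) & " - " _
                 & Server.HTMLEncode(rs("Email")) & "<br>"
    rs.MoveNext
Loop
rs.Close
cn.Close
%>
```

The parameter size (50) should match the column width, and the type constant should match the column type; binding a string to an integer column is caught at bind time rather than silently concatenated. Output is run through Server.HTMLEncode so a stored value containing markup is not reflected into the page as HTML.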