Witness the power of ASP.NET!

I just built a form which accepts user input and wanted to test it so i entered some HTML code and guess what, when i submitted the form, ASP.NET automatically picked it up as being potentially dangerous and didnt insert it into my database! ...i wasnt aware it did this so as you can tell im pretty impressed!!

Dot Net has many over-rideable security aspects which can be accessed via the framework.

The system.security namespace also allows for expansion of security using you own code.... you could write a security module for instance to only allow form posts from UK based ip addresses (if you really wanted to)

Just another example of how .Net is so powerful.

Dot Net will also allow you to Catch this exception (generating the error in smokies example) as well as many other security errors (custom ones too) site wide, and provide user friendly handling as opposed to an ugly server error page.

__________________
Click the 'Thanks!' button if this post has helped you

Rob - Webforumz Founder

As will PHP with Apache (it's been able to do that for years)...

oh :sad:

Sorry Smokie, I wasn't referring to entering potentially dangerous information into a database, just all the stuff that Rob said. Although I'm sure you can get something which screens for potentially dangerous information.

No worries, PHP always was more inovative than ASP!

<blockquote id="quote" class="ffs">quote:<hr height="1" noshade="noshade" id="quote" />No worries, PHP always was more inovative than ASP!<hr height="1" noshade="noshade" id="quote" /></blockquote id="quote">As a dedicated ASP fan, I have to totally agree with both of you. ASP has it's plus points though!

PHP as a language is more functional, and no-one will argue with that. It is the case that more functions, procedures and objects (packaged black box code) are available because someone decided to bundle them in. As an example, Microsoft decided to include a 'replace' function in ASP, which lets you substitute occurences of specific text within a string for something else.... they wrote the function for us.... but thats not to say this would be impossible without that function.

PHP cannot do more than ASP!!! Functionally they are on a level footing.

PHP and ASP are extendable, and for anyone who knows my ASP coding style (ie... write classes for everything) will know my code is highly re-usable.... therefore extending my 'personal ASP framework'

A language is only as powerful as the stuff it lets you do.... whether the 'stuff' is built in as standard or not, or whether the stuff *could* be encapsulated in an custom build object or class (thus extending the language) to me is un-inportant.

__________________
Click the 'Thanks!' button if this post has helped you

Rob - Webforumz Founder

Smokie, I hope you are using

Code: Select all

cmdSelect.parameters.add("@..", ..)

for your sql. Even more safety :wink:

BTW, .net rocks!

Hi u2

Yep I am using Parameters! I had a few problems with them at first, they would work, I found I needed:

Code: Select all

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>

...previously i just had:

Code: Select all

<%@ Import Namespace="System.Data.OleDb" %>

..anyway, yeah, .NET rocks!