Sql injections

  #1 (permalink)  
Old Apr 21st, 2004, 10:30
Junior Member
Join Date: Aug 2003
Location: Pakistan
Posts: 12
Sql injections

Hi,
I want to write form validation in ASP to be safe from SQL-specific characters.
For example,
in a form input field the user writes: "one two three and '"
This "'" causes a problem when running that in ASP to insert data into SQL Server.
How can I make this safe?
I want to write all that kind of SQL-specific script?
Regards
Humair

  #2 (permalink)  
Old Apr 21st, 2004, 10:43
Most Reputable Member
Join Date: Jul 2003
Posts: 1,856
Right, I'm not entirely sure what you're asking here, but for the benefit of others I think you're asking about stripping out ' and " from user input so that it cannot cause problems when running it in an SQL statement?

  #3 (permalink)  
Old Apr 21st, 2004, 10:54
Reputable Member
Join Date: Aug 2003
Location: United Kingdom
Posts: 341
Use the replace() function, e.g.

strFormData = replace(request.form("[data]"),"'","")
  #4 (permalink)  
Old Apr 21st, 2004, 12:36
Highly Reputable Member
Join Date: Jul 2003
Location: Ipswich, UK
Posts: 690
Simply replace all single quotes with 2 single quotes. This way you will not get an error and (I think) you will also be safe from SQL injection attacks. Example:

Code:
strFormData = replace(request.form("[data]"),"'","''")
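
An alternative to escaping quotes by hand is to bind the form value as an ADO command parameter, so the driver sends it as data and the `'` in "one two three and '" is never parsed as SQL. This is an added example, not part of the original thread; the form field name `data`, the `Comments` table, its `Body` column and the `Application("ConnString")` connection string are hypothetical.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc), declared inline
' so this page does not depend on an include file.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128
Const MAX_LEN = 4000          ' assumed size of the hypothetical Body column

Dim conn, cmd, strFormData

' Hypothetical form field; may legitimately contain ' or "
strFormData = Request.Form("data")

' Validate what the application actually requires (presence, length).
' Quotes are left untouched: they are harmless once the value is bound.
If Len(strFormData) = 0 Or Len(strFormData) > MAX_LEN Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid input"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumption: set in global.asa

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder keeps the statement text constant; no user input
' is ever concatenated into it.
cmd.CommandText = "INSERT INTO Comments (Body) VALUES (?)"
cmd.Parameters.Append cmd.CreateParameter("@Body", adVarWChar, _
    adParamInput, MAX_LEN, strFormData)
cmd.Execute , , adExecuteNoRecords

Set cmd = Nothing
conn.Close
Set conn = Nothing
%>
```

Values used as numbers should be bound with a numeric parameter type rather than a string type, since quote doubling does nothing for input that is placed in a query without surrounding quotes.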