Protection against SQL Injection Attack
Question posted by: sashi (Expert) on July 19th, 2006 01:10 PM
Hi everyone,
Below is a simple function that will give you some protection against an SQL Injection attempt.
What is SQL injection?
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Code: ( text )
'Function IllegalChars to guard against SQL injection
Function IllegalChars(sInput)
    'Declare variables
    Dim sBadChars, iCounter
    'Set IllegalChars to False
    IllegalChars = False
    'Create an array of illegal characters and words
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
                      "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")
    'Loop through array sBadChars using our counter & UBound function
    For iCounter = 0 To UBound(sBadChars)
        'Use Function InStr to check presence of illegal character in our variable
        'vbTextCompare makes the match case-insensitive (InStr's default binary
        'compare would miss "SELECT" or "Drop")
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
        End If
    Next
End Function
Sample usage:
Code: ( text )
<%
'Declare variables
Dim sUsername, sPassword
'Retrieve our form textbox values and assign to variables
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")
'Call the function IllegalChars to check for illegal characters
If IllegalChars(sUsername) = True Or IllegalChars(sPassword) = True Then
    Response.Redirect("no_access.asp")
End If
%>
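Added example (editor's code, not from the post above): a Python port of the IllegalChars blacklist next to a parameterised query, showing that the blacklist rejects a legitimate name such as O'Brien while a bound parameter handles the apostrophe as plain data. The sqlite3 users table and its row are constructed here for the demo.

```python
import sqlite3

# Port of the post's IllegalChars() token list (duplicate ";" dropped). The
# original VBScript uses Instr, whose default compare is case-sensitive; here
# both sides are lower-cased so "SELECT" matches as the post intends.
BAD_TOKENS = ["select", "drop", ";", "--", "insert", "delete", "xp_",
              "#", "%", "&", "'", "(", ")", "/", "\\", ":", "<", ">", "=",
              "[", "]", "?", "`", "|"]


def illegal_chars(s_input: str) -> bool:
    """Return True if any blacklisted token occurs in the input (case-insensitive)."""
    lowered = s_input.lower()
    return any(tok in lowered for tok in BAD_TOKENS)


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table with one user whose name contains an apostrophe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.execute("INSERT INTO users VALUES (?)", ("O'Brien",))
    return conn


def lookup_user(conn: sqlite3.Connection, username: str):
    """Parameterised lookup: the value is bound by the driver and never spliced
    into the SQL text, so no character-level filtering is needed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo() -> tuple:
    """Blacklist verdict for a real name versus the parameterised lookup result."""
    conn = make_demo_db()
    return illegal_chars("O'Brien"), lookup_user(conn, "O'Brien")


if __name__ == "__main__":
    print(demo())  # (True, "O'Brien"): blacklist rejects the name, bound query finds it
```

The blacklist trades false rejections of valid input for protection that the parameterised query gives without any filtering.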
June 18th, 2007 02:02 AM, #2
Re: Protection against SQL Injection Attack
Quote: Originally Posted by sashi
Hi everyone,
Below is a simple function that will give you some protection against an SQL Injection attempt.
Could you please be more detailed? I mean, just write PHP code, please?