Hi everyone,
Below is a simple function that will give you some protection against an SQL injection attempt.
What is SQL injection?
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
'Function IllegalChars to guard against SQL injection
Function IllegalChars(sInput)
    'Declare variables
    Dim sBadChars, iCounter

    'Set IllegalChars to False
    IllegalChars = False

    'Create an array of illegal characters and words
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")

    'Loop through array sBadChars using our counter & UBound function
    For iCounter = 0 To UBound(sBadChars)
        'Use InStr with vbTextCompare so "SELECT" and "select" are both caught
        '(the two-argument form of InStr compares case-sensitively)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
        End If
    Next
End Function

Sample usage:

<%
'Declare variables
Dim sUsername, sPassword

'Retrieve our form textbox values and assign to variables
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")

'Call the function IllegalChars to check for illegal characters
If IllegalChars(sUsername) = True Or IllegalChars(sPassword) = True Then
    Response.Redirect("no_access.asp")
End If
%>
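To make the trade-off of a character blacklist concrete, here is an added example in Python (not the poster's classic ASP code, and not a port of any library): the IllegalChars list above, ported with a case-insensitive comparison, is run next to two login checks against a constructed in-memory SQLite table. The user rows, usernames and passwords are constructed sample data. The example shows three things the post does not spell out: the blacklist rejects a legitimate name containing an apostrophe; building the SQL string by concatenation lets that same name become part of the statement and break it, which is exactly the "variables embedded in SQL statements" problem the post describes; and binding the value as a query parameter handles it correctly without any filtering. In classic ASP the equivalent of the parameterized call is an ADODB.Command with Parameters rather than a concatenated string.

```python
import sqlite3

# Port of the post's IllegalChars blacklist (added example, not the original
# VBScript). Compared case-insensitively, as the fixed VBScript version does.
BAD_TOKENS = ["select", "drop", ";", "--", "insert", "delete", "xp_",
              "#", "%", "&", "'", "(", ")", "/", "\\", ":", "<", ">", "=",
              "[", "]", "?", "`", "|"]


def illegal_chars(s: str) -> bool:
    """True if any blacklisted token occurs anywhere in s (case-insensitive)."""
    low = s.lower()
    return any(tok in low for tok in BAD_TOKENS)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "pw1"), ("o'brien", "pw2")])  # constructed rows
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String-building version: the input text becomes part of the SQL itself.
    A perfectly legitimate name such as o'brien already breaks the statement,
    because the database parses the user's characters as SQL syntax."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized version: the input is bound as data and never parsed as SQL,
    so apostrophes, comment markers and keywords in it are just characters."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None


def main() -> None:
    conn = make_db()
    for name in ("alice", "Select", "o'brien"):
        print(f"blacklist rejects {name!r}: {illegal_chars(name)}")
    print("parameterized login for o'brien:",
          login_parameterized(conn, "o'brien", "pw2"))
    try:
        login_concat(conn, "o'brien", "pw2")
    except sqlite3.OperationalError as exc:
        print("concatenated login for o'brien failed:", exc)


if __name__ == "__main__":
    main()
```

Run it and the blacklist turns away the legitimate user o'brien while the concatenated query raises a syntax error on the same input; the parameterized query logs that user in. The blacklist is a stopgap that both over-blocks real input and depends on the list being complete, whereas parameter binding removes the root cause.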
Could you please be more detailed? I mean, just write PHP code please?