Protection against SQL Injection Attack 
July 19th, 2006, 02:10 PM
Expert | Join Date: Jun 2006 | Location: Seremban, Malaysia | Posts: 1,630
Hi everyone,
Below is a simple function that will give you some protection against an SQL Injection attempt.
What is SQL injection?
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
'Function IllegalChars to guard against SQL injection
Function IllegalChars(sInput)
    'Declare variables
    Dim sBadChars, iCounter
    'Set IllegalChars to False
    IllegalChars = False
    'Create an array of illegal characters and words
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")
    'Loop through array sBadChars using our counter & UBound function
    For iCounter = 0 To UBound(sBadChars)
        'Use InStr with vbTextCompare so the check is case-insensitive
        '(the default binary compare would miss "SELECT" or "Drop")
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            'Stop at the first match
            Exit For
        End If
    Next
End Function
Sample usage:
<%
'Declare variables
Dim sUsername, sPassword
'Retrieve our form textbox values and assign to variables
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")

'Call the function IllegalChars to check for illegal characters
If IllegalChars(sUsername) = True Or IllegalChars(sPassword) = True Then
    Response.Redirect("no_access.asp")
End If
%>
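The definition in the post above places the flaw in user input being embedded in the SQL text. As an added example (not part of the original post or thread), the classic ASP page below keeps the input out of the statement by binding it as an ADO parameter. The connection string, the Users table and its column names are assumptions.

```vbscript
<%
Option Explicit

' ADO constants (values from adovbs.inc), declared here so the page is self-contained
Const adCmdText = 1
Const adVarWChar = 202
Const adParamInput = 1

' Assumption: placeholder connection string; replace with your own data source
Const CONN_STRING = "YOUR_CONNECTION_STRING"

' Returns a recordset for the user whose name equals sUsername exactly.
' Assumption: a table Users(UserID, Username) exists; both names are illustrative.
Function FindUserByName(oConn, sUsername)
    Dim oCmd
    Set oCmd = Server.CreateObject("ADODB.Command")
    Set oCmd.ActiveConnection = oConn
    oCmd.CommandType = adCmdText
    ' The ? marker is a placeholder; the SQL text itself never contains user input
    oCmd.CommandText = "SELECT UserID, Username FROM Users WHERE Username = ?"
    ' The value travels separately from the statement, typed and length-limited
    oCmd.Parameters.Append oCmd.CreateParameter("@Username", adVarWChar, adParamInput, 50, sUsername)
    Set FindUserByName = oCmd.Execute
End Function

Dim oConn, oRs, sUsername
sUsername = Trim(Request.Form("txtUsername"))

' Length check: empty or over-long names are rejected before touching the database
If Len(sUsername) = 0 Or Len(sUsername) > 50 Then
    Response.Redirect "no_access.asp"
End If

Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open CONN_STRING
Set oRs = FindUserByName(oConn, sUsername)

If oRs.EOF Then
    Response.Write "No such user."
Else
    ' HTML-encode on output; a name such as O'Brien is matched and shown unchanged
    Response.Write "Found: " & Server.HTMLEncode(oRs("Username").Value)
End If

oRs.Close
oConn.Close
%>
```

Because the value is bound rather than concatenated, input containing quotes or SQL keywords is compared as plain data, so legitimate values do not have to be rejected by a character list.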
June 18th, 2007, 03:02 AM
Newbie | Join Date: Jun 2007 | Posts: 1
re: Protection against SQL Injection Attack
Quote: Originally Posted by sashi
hi everyone,
Below is a simple function that will give you some protection against an SQL Injection attempt.

Could you please be more detailed? I mean, just write PHP code please?
August 7th, 2008, 03:58 PM
Newbie | Join Date: Aug 2008 | Posts: 1
re: Protection against SQL Injection Attack
Here's a very light ASP function to help protect against these attacks. ASP sql injection prevention