Syntax to check on input boxes.

Hi
I am in the process of writing a website which has an Access database
and uses ASP to access it. Part of the site is a search facility. I
have heard that it is possible for hackers to gain access to the
database by entering SQL into the search box. First of all, is this
possible? Secondly, if it is possible, what sort of syntax should I be
checking for on the text entered into the search field?

Any help would be greatly appreciated.

Cheers
Jul 22 '05 #1
david hepworth wrote:
> Hi
> I am in the process of writing a website which has an Access database
> and uses ASP to access it. Part of the site is a search facility. I
> have heard that it is possible for hackers to gain access to the
> database by entering SQL into the search box. First of all, is this
> possible?

Certainly:
http://mvp.unixwiz.net/techtips/sql-injection.html
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
http://www.nextgenss.com/papers/adva..._injection.pdf
http://www.nextgenss.com/papers/more..._injection.pdf

> Secondly, if it is possible, what sort of syntax should I be
> checking for on the text entered into the search field?

You shouldn't. You will never stay ahead of the hackers.

SQL Injection depends on the use of concatenation to generate sql statements
(dynamic sql). You should use parameters instead of dynamic sql. Either via
saved parameter queries:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl

or by using a Command object to pass parameters to a sql string containing
parameter markers:
http://groups-beta.google.com/group/...e36562fee7804e

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Jul 22 '05 #2
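
The Command-object approach from the reply above, sketched for a classic ASP search page backed by an Access (Jet) database. This is an added example, not code from the thread or its linked posts; the form field `q`, the table `Articles`, its columns `Title` and `Summary`, and the path `/data/site.mdb` are hypothetical.

```vbscript
<%
Option Explicit
' Added example. Hypothetical names: form field "q", table Articles,
' columns Title and Summary, database file /data/site.mdb.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

' Parameters stop injection, but %, _ and [ are still LIKE wildcards.
' Jet matches them literally when each is wrapped in square brackets.
Function EscapeLike(ByVal s)
    s = Replace(s, "[", "[[]")   ' must run first: the next two add brackets
    s = Replace(s, "%", "[%]")
    s = Replace(s, "_", "[_]")
    EscapeLike = s
End Function

Dim term, cn, cmd, rs
' Cap at 80 characters: escaping can triple the length, and the
' parameter below is declared with a size of 255.
term = Left(Trim(Request.Form("q") & ""), 80)

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
        Server.MapPath("/data/site.mdb")

' Dynamic SQL (what the reply warns against): the input becomes SQL text.
'   sql = "SELECT Title, Summary FROM Articles " & _
'         "WHERE Title LIKE '%" & term & "%'"
'   Set rs = cn.Execute(sql)

' Parameterized: the SQL text is fixed and the input travels as a value.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Title, Summary FROM Articles WHERE Title LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("term", adVarWChar, _
    adParamInput, 255, "%" & EscapeLike(term) & "%")
Set rs = cmd.Execute

Do Until rs.EOF
    ' Encode on output so stored text cannot inject markup into the page.
    Response.Write "<li>" & Server.HTMLEncode(rs("Title") & "") & "</li>"
    rs.MoveNext
Loop
rs.Close
cn.Close
%>
```

With the parameterized form, a quote character in the search box is matched as a literal character in `Title` instead of ending the string in the SQL statement.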
