473,413 Members | 1,799 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > asp and sql injection prevention

Join Bytes to post your question to a community of 473,413 software developers and data experts.

ASP and SQL Injection prevention

Is it possible to "intercept" all calls to conn.execute and have them go to
a checking routine that will either let the command go through or terminate
it if it contains some illegal instructions? My clients company has had its
hacker free status revoked due to the possibility of sql injection. I could
put a function before every single conn.execute but we have hundreds of
them. Just wondering if there is some way of telling it to do something else
first. Maybe I can redefine conn.execute somehow?

Thanks!
Mar 7 '06 #1
1 3425
Simon Wigzell wrote:
Is it possible to "intercept" all calls to conn.execute and have them
go to a checking routine that will either let the command go through
or terminate it if it contains some illegal instructions? My clients
company has had its hacker free status revoked due to the possibility
of sql injection. I could put a function before every single
conn.execute but we have hundreds of them. Just wondering if there is
some way of telling it to do something else first. Maybe I can
redefine conn.execute somehow?
Thanks!

The best way to prevent sql injection is to use parameters instead of
concatenation. See
Access:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl

http://groups.google.com/groups?hl=e...tngp13.phx.gbl

Select statement:
http://groups-beta.google.com/group/...d322b882a604bd

Using Command object to parameterize CommandText:
http://groups-beta.google.com/group/...e36562fee7804e
SQL Server:

http://tinyurl.com/jyy0

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Mar 8 '06 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
SQL Injection - Stored Procedures
by: Bă§TăRĐ | last post by:
I have been working on this particular project for a little over 2 weeks now. This product contains between 700-900 stored procedures to handle just about all you can imagine within the product. I...
ASP / Active Server Pages
16
SQL Injection Prevention Quickfix.. will it work
by: Michael Kujawa | last post by:
Hi All, I have been given a site to redo. In the process of looking at the code, the live site is open to SQL injection. I know what needs to be done but limited time right now to redo correctly....
ASP / Active Server Pages
8
Email injection on a contact form
by: stirrell | last post by:
Hello, One problem that I had been having is stopping email injections on contact forms. I did some research, read up on it and felt like I had created a working solution. I hadn't gotten any...
PHP
1
sql injection prevention
by: Doug | last post by:
Hi, I have a question on sql injection attacks. I am building a tool that will be used exclusively by our other developers and will generate stored procs for them dynamically based off input...
C# / C Sharp
7
How can I create an innocuous SQL injection attempt to test apps and evaluate the result programmatically?
by: | last post by:
There are assorted "SQL Injection vulnerability assessment tools" out there. They scan your site and send your report. They also take your money. We don't have the money so I was wondering if I...
ASP.NET
2
question about validation and sql injection
by: Sudhakar | last post by:
A) validating username in php as part of a registration form a user fills there desired username and this is stored in a mysql. there are certain conditions for the username. a) the username...
PHP
12
sql injection
by: shank | last post by:
I've been hit again using DW, parameterized queries and stored procedures. I'm guessing I was not strict enough with character counts and allowing to long of a string to pass. Aside from that,...
ASP / Active Server Pages
14
Frinavale
IE8 "Data Execution Prevention" error thrown when setting hidden field value
by: Frinavale | last post by:
I've been trying to test my web application using Internet Explorer 8 (release candidate 1) and have been experiencing some major problems. I'm hoping you can help me with this one. I have a...
Javascript
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!