ASP and SQL Injection prevention

Is it possible to "intercept" all calls to conn.execute and have them go to
a checking routine that will either let the command go through or terminate
it if it contains some illegal instructions? My client's company has had its
hacker-free status revoked due to the possibility of SQL injection. I could
put a function before every single conn.execute but we have hundreds of
them. Just wondering if there is some way of telling it to do something else
first. Maybe I can redefine conn.execute somehow?

Thanks!
Mar 7 '06 #1
Simon Wigzell wrote:
Is it possible to "intercept" all calls to conn.execute and have them
go to a checking routine that will either let the command go through
or terminate it if it contains some illegal instructions? My client's
company has had its hacker-free status revoked due to the possibility
of SQL injection. I could put a function before every single
conn.execute but we have hundreds of them. Just wondering if there is
some way of telling it to do something else first. Maybe I can
redefine conn.execute somehow?
Thanks!

The best way to prevent SQL injection is to use parameters instead of
concatenation. See

Access:
http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl
http://groups.google.com/groups?hl=e...tngp13.phx.gbl

Select statement:
http://groups-beta.google.com/group/...d322b882a604bd

Using Command object to parameterize CommandText:
http://groups-beta.google.com/group/...e36562fee7804e

SQL Server:
http://tinyurl.com/jyy0

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Mar 8 '06 #2
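
The parameter approach recommended in the reply above, sketched for classic ASP as an added example (not code from either poster). It goes one step further than the reply by wrapping the ADODB.Command setup in a helper that can stand in for individual conn.Execute call sites. `RunQuery`, the `Users` and `Orders` tables, their columns, and the `Application("ConnString")` setting are hypothetical names.

```vbscript
' ADO constants (values from adovbs.inc), declared so the block is self-contained.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

' Hypothetical helper: runs sqlText containing "?" placeholders and binds each
' value as a typed parameter, so user input is sent as data, never parsed as SQL.
' params is an array of Array(adoType, size, value) triples, in placeholder order.
Function RunQuery(conn, sqlText, params)
    Dim cmd, p, i
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sqlText
    i = 0
    For Each p In params
        i = i + 1
        ' "?" markers are positional: the append order is what matters, not the name.
        cmd.Parameters.Append cmd.CreateParameter("p" & i, p(0), adParamInput, p(1), p(2))
    Next
    Set RunQuery = cmd.Execute
End Function

Dim conn, rs, userName, rawId
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")      ' assumption: where the connection string lives

' CStr() forces a plain string out of the Request collection item.
userName = CStr(Request.Form("name"))
rawId = CStr(Request.QueryString("id"))

' BEFORE (injectable): the input becomes part of the statement text.
' Set rs = conn.Execute("SELECT id, email FROM Users WHERE name = '" & userName & "'")

' AFTER: same query, input bound as a string parameter of at most 50 characters.
Set rs = RunQuery(conn, "SELECT id, email FROM Users WHERE name = ?", _
    Array(Array(adVarChar, 50, userName)))

' Numeric input: reject non-numbers up front, then bind with an integer type.
If Not IsNumeric(rawId) Then Response.Status = "400 Bad Request" : Response.End
Set rs = RunQuery(conn, "SELECT id, total FROM Orders WHERE id = ? AND owner = ?", _
    Array(Array(adInteger, 4, CLng(rawId)), Array(adVarChar, 50, userName)))
```

Each existing call site still has to be rewritten so its statement text contains only `?` markers; the helper reduces that to a one-line change per call.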