Protection against SQL Injection Attack

sashi
Hi everyone,

Below is a simple function that will give you some protection against an SQL Injection attempt.

What is SQL injection?
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

    'Function IllegalChars to guard against SQL injection
    Function IllegalChars(sInput)
        'Declare variables
        Dim sBadChars, iCounter
        'Set IllegalChars to False
        IllegalChars = False
        'Create an array of illegal characters and words
        sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
            "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")
        'Loop through array sBadChars using our counter & UBound function
        For iCounter = 0 To UBound(sBadChars)
            'Use InStr with vbTextCompare so the check is case-insensitive
            '(the default comparison is case-sensitive and would miss "SELECT")
            If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
                IllegalChars = True
            End If
        Next
    End Function

Sample usage:

    <%
    'Declare variables
    Dim sUsername, sPassword
    'Retrieve our form textbox values and assign to variables
    sUsername = Request.Form("txtUsername")
    sPassword = Request.Form("txtPassword")

    'Call the function IllegalChars to check for illegal characters
    If IllegalChars(sUsername) = True Or IllegalChars(sPassword) = True Then
        Response.Redirect("no_access.asp")
    End If
    %>

Jul 19 '06 #1
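
Added example, not part of the original post or thread: a Python port of the IllegalChars blacklist run beside a parameterized query on an in-memory SQLite table, showing that the blacklist rejects legitimate values while a bound parameter treats every input as data. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Port of the post's blacklist (duplicate ";" dropped).
BAD_TOKENS = ["select", "drop", ";", "--", "insert", "delete", "xp_",
              "#", "%", "&", "'", "(", ")", "/", "\\", ":", "<", ">",
              "=", "[", "]", "?", "`", "|"]


def illegal_chars(value: str) -> bool:
    """Return True if value contains any blacklisted token (case-insensitive)."""
    lowered = value.lower()
    return any(token in lowered for token in BAD_TOKENS)


def make_db() -> sqlite3.Connection:
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("O'Brien", "user"),
                      ("raindrop", "user")])
    return conn


def find_role(conn: sqlite3.Connection, username: str):
    """Look up a role with a bound parameter; the input is never parsed as SQL."""
    row = conn.execute("SELECT role FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def compare(conn: sqlite3.Connection, username: str):
    """Return (blacklist_rejects, role_found_by_parameterized_query)."""
    return illegal_chars(username), find_role(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: three legitimate names and one quote-laden string.
    for name in ["alice", "O'Brien", "raindrop", "nobody' OR 'a'='a"]:
        print(repr(name), compare(db, name))
```

The blacklist turns away "O'Brien" and "raindrop" even though both are valid usernames, while the bound parameter finds them and returns nothing for the quote-laden string because it is compared as a literal value.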
2 Replies


Could you please be more detailed? I mean, just write PHP code please?
Jun 18 '07 #2

Here's a very light ASP function to help protect against these attacks.

ASP sql injection prevention
Aug 7 '08 #3
