
Protection against SQL Injection Attack

sashi
Hi everyone,

Below is a simple function that will give you some protection against an SQL Injection attempt.

What is SQL injection?
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of variables embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

  'Function IllegalChars to guard against SQL injection
  Function IllegalChars(sInput)
      'Declare variables
      Dim sBadChars, iCounter
      'Set IllegalChars to False
      IllegalChars = False
      'Create an array of illegal characters and words
      sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
          "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", "[", "]", "?", "`", "|")
      'Loop through array sBadChars using our counter & UBound function
      For iCounter = 0 To UBound(sBadChars)
          'Use InStr with vbTextCompare so keywords match regardless of case
          If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
              IllegalChars = True
              'One hit is enough; stop scanning
              Exit For
          End If
      Next
  End Function
Sample usage:
  <%
  'Declare variables
  Dim sUsername, sPassword
  'Retrieve our form textbox values and assign to variables
  sUsername = Request.Form("txtUsername")
  sPassword = Request.Form("txtPassword")

  'Call the function IllegalChars to check for illegal characters
  If IllegalChars(sUsername) Or IllegalChars(sPassword) Then
      Response.Redirect("no_access.asp")
  End If
  %>
Jul 19 '06 #1
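A keyword and character blacklist like the one above is a weak defence: it can be bypassed by inputs the list does not anticipate, and it rejects legitimate values such as the surname O'Brien. The robust fix is to keep user input out of the SQL text entirely with a parameterised ADODB.Command. The following is an added example, not code from sashi's post; it assumes an open ADODB.Connection named conn, a Users table with UserID, Username and PasswordHash columns, and a HashPassword helper defined elsewhere in the application.

```vbscript
<%
' Added example: parameterised login query instead of character blacklisting.
' Assumptions: conn is an open ADODB.Connection, Users(UserID, Username, PasswordHash)
' exists, and HashPassword() is defined elsewhere in the application.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Function FindUserId(conn, sUsername, sPasswordHash)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound to values by the driver, so quotes, comment
    ' markers or keywords in the input are sent as data, never as SQL.
    cmd.CommandText = "SELECT UserID FROM Users WHERE Username = ? AND PasswordHash = ?"
    cmd.Parameters.Append cmd.CreateParameter("Username", adVarChar, adParamInput, 50, sUsername)
    cmd.Parameters.Append cmd.CreateParameter("PasswordHash", adVarChar, adParamInput, 64, sPasswordHash)
    Set rs = cmd.Execute
    If rs.EOF Then
        FindUserId = 0
    Else
        FindUserId = rs("UserID")
    End If
    rs.Close
End Function

Dim sUsername, sPassword, lUserId
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")
' Length limits are a sanity check on input, not the injection defence itself
If Len(sUsername) > 50 Or Len(sPassword) > 128 Then Response.Redirect("no_access.asp")
lUserId = FindUserId(conn, sUsername, HashPassword(sPassword))
If lUserId = 0 Then Response.Redirect("no_access.asp")
%>
```

Because the values never become part of the statement text, the query needs no character filtering, and names containing apostrophes work normally.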
vladnz
Could you please be more detailed? I mean, could you just write the PHP code please?
Jun 18 '07 #2
Here's a very light ASP function to help protect against these attacks.

ASP SQL injection prevention
Aug 7 '08 #3
