Sql Injection

9 New Member
How to write a function to prevent attacks from SQL injection? I'm using SQL Server 2000 & ASP.NET. Please reply quickly on how to validate server-side input values...

Thank you for the support
Mar 11 '08 #1
dip_developer
648 Recognized Expert Contributor
It is not possible to write here the function to prevent SQL injection... rather, you should know in depth what a SQL injection is and how it can be prevented... There are plenty of possibilities which could cause your SQL to crash... You have to identify those cases and write your own function accordingly.
Read here:
http://technet.microsoft.com/en-us/l.../ms161953.aspx

Secondly, what do you mean by server-side input values?
Mar 11 '08 #2
Frinavale
9,735 Recognized Expert Moderator Expert
A few quick things
  • Make sure to validate all information coming from the browser.
  • Use stored procedures: they are precompiled so that you don't have to create query strings based on the user's input (which are compiled along with your SQL queries).
  • Remove double quotes (") from user's input
  • Use parameters to indicate that the user's information should be handled as a Parameter instead of part of your sql statement...

Seeing as these are just a few things mentioned quickly off the top of my head, I strongly recommend checking out the link that dip_developer has posted and doing research on the topic to guard yourself against this type of attack.

-Frinny
Mar 11 '08 #3
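
The parameter and stored-procedure advice in the replies above, as an added example that is not code from any poster in this thread: ADO.NET's SqlCommand with a typed parameter, plus a server-side allow-list check. The Users table, the usp_GetUser procedure, the user-name rule and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
public static class UserLookup
{
    // Server-side allow-list: 3-20 letters, digits or underscore (assumed rule).
    // \A and \z anchor the whole string; $ would accept a trailing newline.
    static readonly Regex UserNameRule = new Regex(@"\A[A-Za-z0-9_]{3,20}\z");
    public static bool IsValidUserName(string input)
    {
        return input != null && UserNameRule.IsMatch(input);
    }
    // The SQL text is a constant. The user's value travels as a typed
    // parameter and is never parsed as part of the statement.
    public static SqlCommand BuildLookup(SqlConnection conn, string userName)
    {
        SqlCommand cmd = new SqlCommand(
            "SELECT UserId, Email FROM Users WHERE UserName = @userName", conn);
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 20).Value = userName;
        return cmd;
    }

    // The same call through a stored procedure (usp_GetUser is hypothetical).
    public static SqlCommand BuildProcCall(SqlConnection conn, string userName)
    {
        SqlCommand cmd = new SqlCommand("usp_GetUser", conn);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 20).Value = userName;
        return cmd;
    }

    public static void Main()
    {
        // Constructed inputs; the second is a classic injection string.
        string[] samples = { "alice_01", "x' OR '1'='1" };
        // Placeholder connection string; the demo never opens the connection.
        using (SqlConnection conn = new SqlConnection(
            "Server=(local);Database=AppDb;Integrated Security=SSPI"))
        {
            foreach (string s in samples)
            {
                SqlCommand cmd = BuildLookup(conn, s);
                Console.WriteLine("valid={0} sql=[{1}] @userName=[{2}]",
                    IsValidUserName(s), cmd.CommandText, cmd.Parameters["@userName"].Value);
            }
        }
    }
}
```

The command text is identical for both inputs; only the parameter value differs. A stored procedure gives the same protection only if it does not concatenate its parameters into a string that it then runs with EXEC.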
