#1

    SQL Injection Protection


    Hey all,

    I'm looking for the best way to protect my classic ASP site from SQL Injection. I've created "whitelist" and "blacklist" functions which have an array of permitted and not permitted letters/words, respectively. But my blacklist has words like: "drop," "alter," "begin," "end," etc., which tend to be used more frequently than I had anticipated. As it is, if any word on the blacklist is present, the SQLInjectCheck fails and the form submission is lost and the user is redirected to an error page.

    I want to make this better, without having to learn a new language or framework, but I'm unsure how to go about doing it. Before I start I wanted to ask around to see how others are handling this. I was thinking about converting the string to ASCII, and then reconverting it when I pull it out of the database, which would essentially sanitize the injection, but I'm not sure if there is a better method.

    Any tips/pointers/links would be greatly appreciated.
  2. #2
  3. 0x800A0C93
    Parameterized queries.
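What the parameterized-query answer above looks like in classic ASP with ADO, as an added example that is not part of the original thread. The connection string location, the `Comments` table and its columns, the form field names and the `ParseId` helper are assumptions for illustration. Because the values are bound as data, words such as "drop" or "begin" in the comment text are stored as ordinary text and no keyword blacklist is needed.

```vbscript
' Added example for classic ASP (VBScript); place inside <% ... %> in an .asp page.
' Hypothetical names: Application("ConnString"), table Comments (AuthorId, Body),
' form fields author_id and body, helper ParseId.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adExecuteNoRecords = 128

' Returns a positive 32-bit integer, or -1 if the input is not one.
Function ParseId(raw)
    Dim n
    ParseId = -1
    If Not IsNumeric(raw) Then Exit Function
    n = CDbl(raw)
    If n < 1 Or n > 2147483647 Or n <> Fix(n) Then Exit Function
    ParseId = CLng(n)
End Function

Dim conn, cmd, authorId, body
authorId = ParseId(CStr(Request.Form("author_id")))
If authorId = -1 Then
    Response.Status = "400 Bad Request"
    Response.End
End If
body = Left(CStr(Request.Form("body")), 4000)   ' enforce the column length

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")             ' assumption: stored at app start

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' Vulnerable form, for contrast: user text becomes part of the SQL statement.
'   conn.Execute "INSERT INTO Comments (AuthorId, Body) VALUES (" & id & ", '" & body & "')"

' Parameterized form: the statement text is fixed; values are sent separately as data.
cmd.CommandText = "INSERT INTO Comments (AuthorId, Body) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("@AuthorId", adInteger, adParamInput, , authorId)
cmd.Parameters.Append cmd.CreateParameter("@Body", adVarWChar, adParamInput, 4000, body)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
```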
