Thread: SQL Injection Protection

  1. #1
    cooperljrh

    SQL Injection Protection

    Hey all,

    I'm looking for the best way to protect my classic ASP site from SQL Injection. I've created "whitelist" and "blacklist" functions which have an array of permitted and not permitted letters/words, respectively. But my blacklist has words like: "drop," "alter," "begin," "end," etc., which tend to be used more frequently than I had anticipated. As it is, if any word on the blacklist is present, the SQLInjectCheck fails and the form submission is lost and the user is redirected to an error page.

    I want to make this better, without having to learn a new language or framework, but I'm unsure how to go about doing it. Before I start I wanted to ask around to see how others are handling this. I was thinking about converting the string to ASCII, and then reconverting it when I pull it out of the database, which would essentially sanitize the injection, but I'm not sure if there is a better method.

    Any tips/pointers/links would be greatly appreciated.

  2. #2
    bigmike1212
    Parameterized queries.
    Brinkster- free development account. Not affiliated, but I sure like free. Brinkster.com
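
An added example, not part of either post, of what the reply's parameterized queries look like in classic ASP using ADODB.Command. The connection string, the Comments table and its columns, and the form field names are assumptions made for illustration.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202
Const adExecuteNoRecords = 128

' Assumed for illustration: server, database, table, column and form field names.
Const CONN_STRING = "Provider=SQLOLEDB;Data Source=DBSERVER;Initial Catalog=SiteDb;Integrated Security=SSPI;"
Const MAX_BODY_LEN = 4000

' Inserts one comment and returns the number of rows affected.
Function SaveComment(conn, userId, commentText)
    Dim cmd, affected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is a constant; each ? is bound to a value by the provider,
    ' so user input is never concatenated into the statement.
    cmd.CommandText = "INSERT INTO Comments (UserId, Body) VALUES (?, ?)"
    cmd.Parameters.Append cmd.CreateParameter("@UserId", adInteger, adParamInput, , userId)
    cmd.Parameters.Append cmd.CreateParameter("@Body", adVarWChar, adParamInput, MAX_BODY_LEN, commentText)
    cmd.Execute affected, , adExecuteNoRecords
    SaveComment = affected
    Set cmd = Nothing
End Function

Dim rawId, body, conn
rawId = Request.Form("user_id")
body = Request.Form("comment")

' Validate type and length for data quality; this is not the injection defence.
If Not IsNumeric(rawId) Or Len(body) = 0 Or Len(body) > MAX_BODY_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
SaveComment conn, CLng(rawId), body
conn.Close
Set conn = Nothing
%>
```

Because the values are bound rather than concatenated, a comment containing words such as "drop" or "end" is stored as plain text, so a keyword blacklist is not needed to prevent injection on this query.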
