SQL Injection Data Cleaner

By: Lee A. Shurie
 
Subject: SQL Injection
Language: ASP
 
Information
This is a simple input field cleaner to help prevent SQL injection problems. SQL injection occurs when a hacker fills out a form on your web site, or posts data to a script, and includes SQL commands in the submitted data. If the script that accepts and processes the data reads from or writes to a SQL database, those commands can insert data into your database and/or output details about the tables and fields in your database.

There is much more to SQL injection, but this simple script will help to clean submitted data. It is intended for alphanumeric fields. You can clean numeric fields separately by testing them with IsNumeric and Not IsNull.

Lee has a good deal of experience protecting web sites from SQL injection.
 
Code


 
Instructions
Add this function to your Classic ASP script or include it in a file with commonly used functions. Call the function like this:

strMyName = Request("MyName")
strMyName = CleanInputData(strMyName)
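
The numeric-field check mentioned under Information, written out as an added example (this is not Lee's CleanInputData function or any code from this site). The helper name CleanNumericInput, the ProductID field and the 1 to 999999 range are assumptions made for illustration.

```vbscript
<%
' Added example: CleanNumericInput is a hypothetical helper name.
' Returns a Long when the value is a plain integer inside the allowed
' range, otherwise Null, so the caller can reject the request.
Function CleanNumericInput(varValue, lngMin, lngMax)
    Dim objRegExp, strValue
    CleanNumericInput = Null

    ' A missing field arrives as Empty; CStr(Null) would raise an error
    If IsNull(varValue) Or IsEmpty(varValue) Then Exit Function
    strValue = Trim(CStr(varValue))

    ' The test the page describes
    If Not IsNumeric(strValue) Then Exit Function

    ' IsNumeric alone also accepts forms such as "1e5" and "&H1F",
    ' so additionally require an optional minus sign and 1 to 9 digits.
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^-?\d{1,9}$"
    If Not objRegExp.Test(strValue) Then Exit Function

    ' Nine digits always fit in a Long, so CLng cannot overflow here
    If CLng(strValue) < lngMin Or CLng(strValue) > lngMax Then Exit Function
    CleanNumericInput = CLng(strValue)
End Function

' Usage, following the calling pattern shown above.
' "ProductID" is a constructed field name.
Dim varProductID
varProductID = Request("ProductID")
varProductID = CleanNumericInput(varProductID, 1, 999999)

If IsNull(varProductID) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid product ID."
    Response.End
End If
' varProductID now holds a Long, not user-supplied text
%>
```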
 
 
Copyright © 2001 - 2010 by Lee A. Shurie