Wrox Programmer Forums
Classic ASP Databases Discuss using ASP 3 to work with data in databases, including ASP Database Setup issues from the old P2P forum on this specific subtopic. See also the book forum Beginning ASP.NET Databases for questions specific to that book. NOT for ASP.NET 1.0, 1.1, or 2.0.
You are currently viewing the Classic ASP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 29th, 2004, 01:07 AM
Authorized User
 
Join Date: Apr 2004
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Help me!

First, forgive me for my English. I'm Vietnamese.

I'm creating a feedback page. I use an MS Access database.
When a customer leaves feedback on my page, it will be inserted into
my database. When I want to read the content of the customer feedback,
I must log in to my page. But I don't know how to reject
SQL injection in my page.



 
Old May 29th, 2004, 04:15 PM
Friend of Wrox
 
Join Date: Oct 2003
Posts: 336
Thanks: 0
Thanked 0 Times in 0 Posts

I think you have to clarify more.

Ahmed Ali
Software Developer
 
Old May 30th, 2004, 08:30 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,998
Thanks: 0
Thanked 3 Times in 3 Posts

Hello,

You need to check user input; some of the following characters would be involved:

--, *, "UNION SELECT"

There are some other characters to test, if you look it up on the web.

Brian
 
Old June 2nd, 2004, 09:10 AM
Friend of Wrox
 
Join Date: Sep 2003
Posts: 171
Thanks: 0
Thanked 1 Time in 1 Post

<%
    response.buffer = true

' ==request UserName and Password here==
    uid = request("UserName")
    pwd = request("Password")

' ==start sanitizing uid and pwd==
    ThisUid = true
    ThisPwd = true
    sChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz"

    ' length of the user name drives the loop below
    LenUid = Len(Uid)
    for n = 1 to LenUid
        MidUid = Mid(Uid,n,1)
        if InStr(sChars, MidUid) = 0 then
            ThisUid = false
        end if
    next

    LenPwd = Len(Pwd)
    for p = 1 to LenPwd
        MidPwd = mid(Pwd,p,1)
        if InStr(sChars, MidPwd) = 0 then
            ThisPwd = false
        end if
    next

' ==bounce back to login page if Uid or Pwd is invalid otherwise continue authentication==
    if ThisUid = false OR ThisPwd = false then

        response.redirect "LoginPage.asp"

    else

' --authenticate against database here--

    end if
%>
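
For the feedback insert described in the first post, binding the input as ADO parameters keeps it out of the SQL text entirely, so no character filtering is needed. This is an added example, not part of any post in the thread; the Feedback table, its column names, the form field names, the database path and Feedback.asp are assumptions.

```vbscript
<%
Option Explicit
Response.Buffer = True

' ADO constants (same values as in adovbs.inc), declared inline
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adExecuteNoRecords = 128

Dim custName, msg, conn, cmd

custName = Trim(Request.Form("CustomerName"))   ' assumed form field
msg = Trim(Request.Form("Message"))             ' assumed form field

' Length checks only: apostrophes, "--" and "*" are legitimate in feedback
' text and are harmless once the values are bound as parameters.
' The limits match the parameter sizes declared below.
If Len(custName) = 0 Or Len(custName) > 50 Or Len(msg) = 0 Or Len(msg) > 4000 Then
    Response.Redirect "Feedback.asp"            ' assumed form page
End If

Set conn = Server.CreateObject("ADODB.Connection")
' Assumed database path, kept outside the web root so it cannot be downloaded
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\feedback.mdb"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Each ? is filled from the Parameters collection in order, as data,
' never as part of the SQL statement (assumed table and column names)
cmd.CommandText = "INSERT INTO Feedback (CustomerName, FeedbackText) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("custName", adVarWChar, adParamInput, 50, custName)
cmd.Parameters.Append cmd.CreateParameter("msg", adLongVarWChar, adParamInput, Len(msg), msg)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
Response.Write "Thank you for your feedback."
%>
```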