November 18, 2008 11:51pm pst

1. hielo 940,507
2. b0lsc0tt 305,548
3. angelIII 191,240
4. dosth 182,340
5. _Stilgar_ 157,314
6. neeraj523 131,917
7. cedlinx 96,200
8. samic400 96,137
9. R_Harrison 88,570
10. CyrexCor... 69,720
11. ryancys 61,163
12. bluV11t 60,955
13. gawai 56,643
14. GreenGho... 55,949
15. the_crazed 55,314
16. CCongdon 54,650
17. cyberweb... 53,815
18. deathtospam 52,450
19. pratima_... 52,172
20. kevp75 51,006
21. asvforce 49,032
22. chapmandew 47,730
23. golfDoctor 46,997
24. DanielWilson 46,905
25. TimCottee 45,950

1. fritz_the... 3,970,430
2. alorentz 1,929,293
3. amit_g 1,328,388
4. hielo 970,317
5. ap_sajith 921,034
6. hongjun 914,936
7. WMIF 899,748
8. kevp75 859,933
9. b0lsc0tt 819,682
10. jitganguly 782,862
11. angelIII 694,075
12. peh803 684,060
13. acperkins 658,528
14. Silvers5 625,555
15. GaryC123 576,095
16. carl_tawn 572,230
17. sybe 565,215
18. ryancys 518,650
19. neeraj523 516,398
20. SquareHead 515,787
21. deighc 466,721
22. apresto 450,527
23. golfDoctor 449,643
24. gladxml 429,512
25. mgfranz 418,620

09.19.2008 at 08:47AM PDT, ID: 23746316

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.6

Preventing SQL Injection

Asked by engineroom in Active Server Pages (ASP)

Hey all, I need to make sure that my site cannot be "Sql Injected". You can see the code that i am currently using. Unfortunately this code does work but on the site you can make comments. If there is a comment that has a "!" or any other character, then it will throw up the error. This isn't very practical. How do i go about protecting myself from sql injection and at the same time not letting interfere with normal operations of the website? Thanx all!Start Free Trial

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:

           
           
             function sanitize(str)
 
bad = Array("!","#","$","%","^","&","*","(",")","=","+","{","}","[","]","|","/","\",",",";","?",">","<")
for each obj in bad
	if instr(cstr(str),obj)<>0 then 
		if instr(request.ServerVariables("SCRIPT_NAME"),"categories.asp")<>0  then 'AND (obj="%" OR obj="+") then
			'response.write("true")
		else
			response.write("These characters are not allowed! Hit the back button on your browser to return to the site.")
			response.End()
			exit for
		end if
	end if
next
 
	sanitize = replace(trim(str),"'","''")
 
end function

           
         

Keywords: Preventing SQL Injection

	Title
1	sql injection, quotes and cfqueryparam
2	SQL Injection,
3	SQL injection
4	banner82 sql injection
5	SQL Injection Attack
6	SQL Injection

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

Preventing SQL Injection

Asked by engineroom in Active Server Pages (ASP)

About this solution