Escaping characters to stop SQL injection, ASP
Posted on 2010-11-14
Hi Guys and Gals,
I have an ASP site in which users are adding items to the DB (login, password, and a little bit of other info). I am looking for a way to stop the chance of SQL injections from happening.
I also use Dreamweaver to build the site and to make the majority of the DB connections and inserts/updates, etc.
My idea is to remove possible characters from the user-generated form data before it hits the SQL string. Here is a list of characters I was thinking of removing or not allowing: =, <, >, /-+*, ', "
My idea was to build a function that would remove all of the characters listed above.
Would that stop SQL injection attacks?
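Added example, not part of the original post: with bound parameters, the characters on the list are stored as plain data and never become part of the SQL text, while a stripping function alters legitimate values. It uses Python's sqlite3 with a hypothetical `users` table and constructed form values; in classic ASP the same pattern is an `ADODB.Command` with parameters.

```python
import sqlite3

# Characters the post proposes removing (taken from its list).
BLACKLIST = "=<>/-+*'\""

def strip_blacklisted(value):
    """The filter idea from the post: drop every listed character."""
    return "".join(ch for ch in value if ch not in BLACKLIST)

def open_db():
    # Hypothetical schema; the post does not show its tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT, info TEXT)")
    return db

def add_user(db, login, password, info):
    """Insert with bound parameters: values are sent separately from the SQL text."""
    # A production site would store a salted password hash, not the password.
    db.execute(
        "INSERT INTO users (login, password, info) VALUES (?, ?, ?)",
        (login, password, info),
    )

def find_user(db, login):
    """Look up a row by login, again with a bound parameter."""
    return db.execute(
        "SELECT login, password, info FROM users WHERE login = ?", (login,)
    ).fetchone()

def demo():
    db = open_db()
    # Constructed sample form data containing characters from the list.
    login, password, info = "o'brien", 'p<a>s"s=1+1', "C++ dev - part-time"
    add_user(db, login, password, info)
    stored = find_user(db, login)
    filtered = tuple(strip_blacklisted(v) for v in (login, password, info))
    return stored, filtered

if __name__ == "__main__":
    stored, filtered = demo()
    print("stored with parameters:", stored)
    print("after character filter:", filtered)
```

The parameterized insert round-trips every value unchanged; the filter turns the same input into a different login and password.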