Solved

Sql Injection script

Posted on 2011-09-15
2
289 Views
Last Modified: 2012-05-12
Hi!
I have a sql injection script that i use and still i got som unwanted code in my database, why?

I got a link in the code, but i have replaced < and > in the script.
function funcValidering(strTextmin)
	txtNew = replace(strTextmin,"""","&quot;")
	txtNew = replace(txtNew,"&","&amp;")
    txtNew = replace(txtNew,"'","&#39;")
	txtNew = replace(txtNew, "<", "&lt;")
	txtNew = replace(txtNew, ">", "&gt;")
	txtNew = replace(txtNew, "--", "&#8208;&#8208;")
	txtNew = replace(txtNew, "+", "&#43;")
	txtNew = replace(txtNew, "/*", "")
    txtNew = replace(txtNew, "*/", "")
    txtNew = replace(txtNew, "\n", "")
    txtNew = replace(txtNew, "@@", "")
	funcValidering = txtNew
end function

Open in new window

0
Comment
Question by:MickeC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 31

Accepted Solution

by:
Wayne Barron earned 500 total points
ID: 36548093
Here, give this a shot, this is what I use.

Function ProtectSQL(SQLString)
SQLString = SQLString
SQLString = Replace(SQLString, ">", "&gt;") ' replace > with &gt;
SQLString = Replace(SQLString, "<", "&lt;") ' replace < with &lt;
SQLString = Replace(SQLString, vblf,"<br />") ' replace vblf with <br /> (This is mainly used for Memo fields.
SQLString = Replace(SQLString, "(","&#40;") ' replace ( with &#40;
SQLString = Replace(SQLString, ")","&#41;") ' replace ) with &#41;
SQLString = Replace(SQLString, "&", "&amp;")
SQLString = Replace(SQLString, "@@", "")
SQLString = Replace(SQLString, "/", "&#x2F;")
SQLString = Replace(SQLString, "%", "&#37;")
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function

Open in new window


Also, in your code, some of the words are different.


      txtNew = replace(strTextmin,"""","&quot;") ' strTextmin
      txtNew = replace(txtNew,"&","&amp;")       ' txtNew

Good Luck
Carrzkiss
0
 
LVL 31

Expert Comment

by:Wayne Barron
ID: 36548233
Glad I could help.
Carrzkiss
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question