Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Sql Injection script

Posted on 2011-09-15
2
Medium Priority
?
300 Views
Last Modified: 2012-05-12
Hi!
I have a sql injection script that i use and still i got som unwanted code in my database, why?

I got a link in the code, but i have replaced < and > in the script.
function funcValidering(strTextmin)
	txtNew = replace(strTextmin,"""","&quot;")
	txtNew = replace(txtNew,"&","&amp;")
    txtNew = replace(txtNew,"'","&#39;")
	txtNew = replace(txtNew, "<", "&lt;")
	txtNew = replace(txtNew, ">", "&gt;")
	txtNew = replace(txtNew, "--", "&#8208;&#8208;")
	txtNew = replace(txtNew, "+", "&#43;")
	txtNew = replace(txtNew, "/*", "")
    txtNew = replace(txtNew, "*/", "")
    txtNew = replace(txtNew, "\n", "")
    txtNew = replace(txtNew, "@@", "")
	funcValidering = txtNew
end function

Open in new window

0
Comment
Question by:MickeC
  • 2
2 Comments
 
LVL 31

Accepted Solution

by:
Wayne Barron earned 2000 total points
ID: 36548093
Here, give this a shot, this is what I use.

Function ProtectSQL(SQLString)
SQLString = SQLString
SQLString = Replace(SQLString, ">", "&gt;") ' replace > with &gt;
SQLString = Replace(SQLString, "<", "&lt;") ' replace < with &lt;
SQLString = Replace(SQLString, vblf,"<br />") ' replace vblf with <br /> (This is mainly used for Memo fields.
SQLString = Replace(SQLString, "(","&#40;") ' replace ( with &#40;
SQLString = Replace(SQLString, ")","&#41;") ' replace ) with &#41;
SQLString = Replace(SQLString, "&", "&amp;")
SQLString = Replace(SQLString, "@@", "")
SQLString = Replace(SQLString, "/", "&#x2F;")
SQLString = Replace(SQLString, "%", "&#37;")
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function

Open in new window


Also, in your code, some of the words are different.


      txtNew = replace(strTextmin,"""","&quot;") ' strTextmin
      txtNew = replace(txtNew,"&","&amp;")       ' txtNew

Good Luck
Carrzkiss
0
 
LVL 31

Expert Comment

by:Wayne Barron
ID: 36548233
Glad I could help.
Carrzkiss
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question