Solved

SQL Injection script

Posted on 2011-09-15
Last Modified: 2012-05-12
Hi!
I have a SQL injection script that I use, and I still got some unwanted code in my database. Why?

I got a link in the code, but I have replaced < and > in the script.
function funcValidering(strTextmin)
    txtNew = replace(strTextmin, """", "&quot;")
    txtNew = replace(txtNew, "&", "&amp;")
    txtNew = replace(txtNew, "'", "&#39;")
    txtNew = replace(txtNew, "<", "&lt;")
    txtNew = replace(txtNew, ">", "&gt;")
    txtNew = replace(txtNew, "--", "&#8208;&#8208;")
    txtNew = replace(txtNew, "+", "&#43;")
    txtNew = replace(txtNew, "/*", "")
    txtNew = replace(txtNew, "*/", "")
    txtNew = replace(txtNew, "\n", "")
    txtNew = replace(txtNew, "@@", "")
    funcValidering = txtNew
end function

Question by:MickeC
Accepted Solution

by: Wayne Barron (earned 500 total points)
Here, give this a shot, this is what I use.

Function ProtectSQL(SQLString)
    ' HTML-entity encode special characters in the submitted value.
    ' Encode & first so the entities produced below are not re-encoded as &amp;...
    SQLString = Replace(SQLString, "&", "&amp;")   ' replace & with &amp;
    SQLString = Replace(SQLString, ">", "&gt;")    ' replace > with &gt;
    SQLString = Replace(SQLString, "<", "&lt;")    ' replace < with &lt;
    SQLString = Replace(SQLString, "(", "&#40;")   ' replace ( with &#40;
    SQLString = Replace(SQLString, ")", "&#41;")   ' replace ) with &#41;
    SQLString = Replace(SQLString, "@@", "")       ' strip @@
    SQLString = Replace(SQLString, "/", "&#x2F;")  ' replace / with &#x2F;
    SQLString = Replace(SQLString, "%", "&#37;")   ' replace % with &#37;
    ' Insert <br /> last so its own / is not encoded by the line above.
    SQLString = Replace(SQLString, vbLf, "<br />") ' replace vbLf with <br /> (mainly used for Memo fields)
    SQLString = Trim(SQLString)
    ProtectSQL = SQLString
End Function

Also, in your code, some of the words are different.


      txtNew = replace(strTextmin,"""","&quot;") ' strTextmin
      txtNew = replace(txtNew,"&","&amp;")       ' txtNew

Good Luck
Carrzkiss
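
An added example, not code from the original thread: both functions above substitute HTML entities, which is encoding for HTML output, while the SQL side is handled by binding the submitted value as a parameter. This classic ASP sketch assumes a table `Comments` with a `Body` column, a form field named `comment`, and a connection string in `Application("ConnStr")`; all of those names are hypothetical.

```vbscript
<%
' Added example (not from the thread). Assumed, hypothetical names:
' table Comments with column Body, form field "comment",
' connection string stored in Application("ConnStr").
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128
Const MAX_LEN = 4000

' Store the text exactly as submitted. The value travels as a bound
' parameter, so quotes, "--" or "/*" inside it are data, never SQL syntax.
Sub SaveComment(conn, rawText)
    Dim cmd
    If Len(rawText) = 0 Or Len(rawText) > MAX_LEN Then
        Err.Raise vbObjectError + 1, "SaveComment", "Comment length out of range"
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO Comments (Body) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("@body", adVarWChar, _
        adParamInput, MAX_LEN, rawText)
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End Sub

' Encode once, at output time, for the HTML context the text is written
' into. Server.HTMLEncode escapes &, <, > and double quotes in one pass,
' so entities are not double-encoded.
Function RenderComment(storedText)
    Dim html
    html = Server.HTMLEncode(storedText)
    html = Replace(html, vbCrLf, "<br />")
    html = Replace(html, vbLf, "<br />")
    RenderComment = html
End Function

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")
SaveComment conn, CStr(Request.Form("comment"))
conn.Close
Set conn = Nothing
%>
```

When a stored comment is shown on a page, write it with `Response.Write RenderComment(...)` so a submitted link or script tag is displayed as text instead of being interpreted by the browser.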
Expert Comment

by:Wayne Barron
Glad I could help.
Carrzkiss