Solved

Sql Injection script

Posted on 2011-09-15
2
285 Views
Last Modified: 2012-05-12
Hi!
I have a sql injection script that i use and still i got som unwanted code in my database, why?

I got a link in the code, but i have replaced < and > in the script.
function funcValidering(strTextmin)
	txtNew = replace(strTextmin,"""","&quot;")
	txtNew = replace(txtNew,"&","&amp;")
    txtNew = replace(txtNew,"'","&#39;")
	txtNew = replace(txtNew, "<", "&lt;")
	txtNew = replace(txtNew, ">", "&gt;")
	txtNew = replace(txtNew, "--", "&#8208;&#8208;")
	txtNew = replace(txtNew, "+", "&#43;")
	txtNew = replace(txtNew, "/*", "")
    txtNew = replace(txtNew, "*/", "")
    txtNew = replace(txtNew, "\n", "")
    txtNew = replace(txtNew, "@@", "")
	funcValidering = txtNew
end function

Open in new window

0
Comment
Question by:MickeC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 31

Accepted Solution

by:
Wayne Barron earned 500 total points
ID: 36548093
Here, give this a shot, this is what I use.

Function ProtectSQL(SQLString)
SQLString = SQLString
SQLString = Replace(SQLString, ">", "&gt;") ' replace > with &gt;
SQLString = Replace(SQLString, "<", "&lt;") ' replace < with &lt;
SQLString = Replace(SQLString, vblf,"<br />") ' replace vblf with <br /> (This is mainly used for Memo fields.
SQLString = Replace(SQLString, "(","&#40;") ' replace ( with &#40;
SQLString = Replace(SQLString, ")","&#41;") ' replace ) with &#41;
SQLString = Replace(SQLString, "&", "&amp;")
SQLString = Replace(SQLString, "@@", "")
SQLString = Replace(SQLString, "/", "&#x2F;")
SQLString = Replace(SQLString, "%", "&#37;")
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function

Open in new window


Also, in your code, some of the words are different.


      txtNew = replace(strTextmin,"""","&quot;") ' strTextmin
      txtNew = replace(txtNew,"&","&amp;")       ' txtNew

Good Luck
Carrzkiss
0
 
LVL 31

Expert Comment

by:Wayne Barron
ID: 36548233
Glad I could help.
Carrzkiss
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jquery to restrict certain words from input in form 11 52
Select case on click 3 31
MS SQL 2008 and stored prodcures and dates 5 35
Save data in two Database, Asp 2 70
I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question