?
Solved

SQL Injection Help

Posted on 2014-01-18
2
Medium Priority
?
279 Views
Last Modified: 2014-01-18
I am experiencing a lot of attempts at sql injection and one of the most common is putting -1%27 in as a form value or querystring.  There would never be any need in my site to return this value.  What is the best way to "trap" that value and redirect when it is used?
0
Comment
Question by:Bob Schneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Big Monty earned 2000 total points
ID: 39790745
your best best against sql injection is to use parameterized queries. There's a great article here on EE that will give you the basics on it.

Otherwise you'd have to manually scrub each bit of data in your code that goes into the database. Should you choose this route (I highly recommend against it, go with the PQ's), you could do something like this:

dim val: val = Request.Form('txtFld")  

if InStr( val, "-1%27" ) > 0 then
   '-- do a redirect, or delete the value, or whatever else
end if
0
 

Author Closing Comment

by:Bob Schneider
ID: 39790796
Thank you very much!
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi all, It is important and often overlooked to understand “Database properties”. Often we see questions about "log files" or "where is the database" and one of the easiest ways to get general information about your database is to use “Database p…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question