SQL Injection Help

I am experiencing a lot of attempts at SQL injection, and one of the most common is putting -1%27 in as a form value or query string. There would never be any need in my site to return this value. What is the best way to "trap" that value and redirect when it is used?
Bob Schneider (Co-Owner) asked:
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
Your best bet against SQL injection is to use parameterized queries. There's a great article here on EE that will give you the basics on it.

Otherwise you'd have to manually scrub each bit of data in your code that goes into the database. Should you choose this route (I highly recommend against it, go with the PQ's), you could do something like this:

dim val: val = Request.Form("txtFld")   '-- read the posted field (quotes must match)

if InStr( val, "-1%27" ) > 0 then
   '-- do a redirect, or delete the value, or whatever else
end if
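As an added illustration (my own Python/sqlite3 code, not the poster's classic ASP), here is the same lookup done both by pasting the form value into the SQL text and by a parameterized query, each fed the -1' probe from the question; the table and rows are constructed. It also carries the string check from the answer with one caveat worth knowing: Request.Form and Request.QueryString already URL-decode, so the value arrives as -1' rather than -1%27, and the helper decodes before matching.

```python
import sqlite3
import urllib.parse


def make_db():
    """Constructed in-memory stand-in for the site's database (sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn


def lookup_concat(conn, raw_id):
    """The pattern the -1' probe is looking for: the request value becomes part
    of the SQL text, so a stray quote changes the statement itself. Here that
    surfaces as a syntax error (the classic ASP 500 page the scanner hopes for)."""
    sql = "SELECT name FROM items WHERE id = " + raw_id
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as err:
        return "sql error: " + str(err)


def lookup_param(conn, raw_id):
    """Parameterized query: the driver sends the value separately from the SQL,
    so -1' is compared as a literal and simply matches no row. No scrubbing needed."""
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (raw_id,))
    return [row[0] for row in rows]


def looks_like_probe(raw_value):
    """The answer's InStr check, applied to the value as the server sees it:
    the web server decodes %27 to a quote before the script reads the field,
    so matching on the literal text "-1%27" would miss every real probe."""
    decoded = urllib.parse.unquote(raw_value)
    return "-1'" in decoded


if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "-1'"))   # sql error: ...
    print(lookup_param(db, "-1'"))    # []
    print(lookup_param(db, "2"))      # ['gadget']
    print(looks_like_probe("-1%27"), looks_like_probe("-1'"))  # True True
```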
 
Bob Schneider (Co-Owner, Author) commented:
Thank you very much!