Solved

SQL Injection Help

Posted on 2014-01-18
2
277 Views
Last Modified: 2014-01-18
I am experiencing a lot of attempts at sql injection and one of the most common is putting -1%27 in as a form value or querystring.  There would never be any need in my site to return this value.  What is the best way to "trap" that value and redirect when it is used?
0
Comment
Question by:Bob Schneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Big Monty earned 500 total points
ID: 39790745
your best best against sql injection is to use parameterized queries. There's a great article here on EE that will give you the basics on it.

Otherwise you'd have to manually scrub each bit of data in your code that goes into the database. Should you choose this route (I highly recommend against it, go with the PQ's), you could do something like this:

dim val: val = Request.Form('txtFld")  

if InStr( val, "-1%27" ) > 0 then
   '-- do a redirect, or delete the value, or whatever else
end if
0
 

Author Closing Comment

by:Bob Schneider
ID: 39790796
Thank you very much!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question