Solved

SQL Injection Help

Posted on 2014-01-18
Last Modified: 2014-01-18
I am experiencing a lot of attempts at SQL injection and one of the most common is putting -1%27 in as a form value or querystring. There would never be any need in my site to return this value. What is the best way to "trap" that value and redirect when it is used?
Question by:Bob Schneider

Accepted Solution

by:
Big Monty earned 500 total points
Your best bet against SQL injection is to use parameterized queries. There's a great article here on EE that will give you the basics on it.

Otherwise you'd have to manually scrub each bit of data in your code that goes into the database. Should you choose this route (I highly recommend against it, go with the PQ's), you could do something like this:

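dim val: val = Request.Form("txtFld")

'-- ASP URL-decodes form values, so also test for the decoded form (-1')
if InStr( val, "-1%27" ) > 0 or InStr( val, "-1'" ) > 0 then
   '-- do a redirect, or delete the value, or whatever else
end if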
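
The parameterized-query route recommended above, shown for a Classic ASP page as an added example that is not part of the original thread. The `id` field, the `Products` table and its columns, `connStr` and `/error.asp` are assumptions made for illustration; the field is assumed to be a positive integer, so an allow-list check also covers the "trap and redirect" the question asks for.

```vbscript
' Added example: server-side VBScript for a Classic ASP page (inside <% %>).
' Hypothetical names: "id" field, Products table, connStr, /error.asp.
Const adCmdText = 1, adInteger = 3, adParamInput = 1

Dim connStr, rawId, conn, cmd, rs
connStr = "Provider=SQLOLEDB;Data Source=PLACEHOLDER;" & _
          "Initial Catalog=PLACEHOLDER;Integrated Security=SSPI;"

' Allow-list check: the value must be 1-9 digits and nothing else.
' ASP URL-decodes request values, so -1%27 arrives as -1' and fails here,
' as does any other non-numeric input, without listing bad strings.
Function IsPositiveInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsPositiveInt = re.Test(s)
End Function

rawId = Trim(Request.QueryString("id") & "")   ' missing value becomes ""

If Not IsPositiveInt(rawId) Then
    ' Trap: unexpected input never reaches the database.
    Response.Redirect "/error.asp"
Else
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound as typed data; the value is never
    ' concatenated into the SQL text, so quotes in it cannot change the query.
    cmd.CommandText = "SELECT Name, Price FROM Products WHERE ProductID = ?"
    cmd.Parameters.Append _
        cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))

    Set rs = cmd.Execute
    If rs.EOF Then
        Response.Write "No such product."
    Else
        Response.Write Server.HTMLEncode(rs("Name") & " - " & rs("Price"))
    End If
    rs.Close
    conn.Close
End If
```

For text fields, the same pattern applies with `adVarChar` (200) and an explicit size in `CreateParameter`; the allow-list pattern changes, the bound parameter does not.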
Author Closing Comment

by:Bob Schneider
Thank you very much!