Solved

SQL Injection Help

Posted on 2014-01-18
Last Modified: 2014-01-18
I am experiencing a lot of attempts at SQL injection and one of the most common is putting -1%27 in as a form value or querystring. There would never be any need in my site to return this value. What is the best way to "trap" that value and redirect when it is used?
Question by:Bob Schneider
Accepted Solution

by:
Big Monty earned 500 total points
ID: 39790745
Your best bet against SQL injection is to use parameterized queries. There's a great article here on EE that will give you the basics on it.

Otherwise you'd have to manually scrub each bit of data in your code that goes into the database. Should you choose this route (I highly recommend against it, go with the PQs), you could do something like this:

'-- read the submitted form field
dim val: val = Request.Form("txtFld")

'-- look for the marker string anywhere in the value
if InStr( val, "-1%27" ) > 0 then
   '-- do a redirect, or delete the value, or whatever else
end if
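
The parameterized-query approach recommended in the answer above, shown for Classic ASP with ADO as an added example (it is not part of the original answer or the linked article). The `id` querystring field, the `Products` table and its columns, the `CONN_STRING` placeholder and the `/error.asp` page are assumptions.

```vbscript
<%
' Added example, not from the original answer.
' Assumed names: "id" field, Products table, CONN_STRING, /error.asp.
Const adCmdText = 1, adParamInput = 1, adInteger = 3   ' standard ADO constants
Const CONN_STRING = "<your connection string>"         ' placeholder

' True only for 1 to 9 decimal digits, so the value always fits a Long.
Function IsPlainInteger(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    IsPlainInteger = re.Test(s)
End Function

Dim rawId, cmd, rs
' ASP returns the URL-decoded value, so -1%27 arrives here as -1'
rawId = Trim(Request.QueryString("id"))

' Allow-list check: anything that is not a plain integer is redirected,
' which covers -1' without having to enumerate attack strings.
If Not IsPlainInteger(rawId) Then
    Response.Redirect "/error.asp"
End If

' The value is bound as a typed parameter and never concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STRING
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Name FROM Products WHERE ProductID = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    Response.Write Server.HTMLEncode(rs("Name") & "")
End If
rs.Close
%>
```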
 

Author Closing Comment

by:Bob Schneider
ID: 39790796
Thank you very much!