securing my site

Hello Experts

My first time posting here, and relatively new to EE, so be gentle!

Recently, a friend of mine asked me if I could help him out with his site which is written in classic asp. Being from the VB Programming world, I thought it would be a good challenge and also a good way to build up my web development skills, which are quite limited to say the least!

The first task he gave me was to help secure his site a bit, specifically going through and changing the sql statements over to using the command object and parameterized queries. I did a little research on them, and think I understand the concept and theory behind them, but am having trouble getting the syntax right.

Could someone post some code and/or links to a simple example of how they work?

Many thanks!
Asked by: c l
1 Solution
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
First off, welcome to EE :)

I've answered a few questions here on EE about this very topic, here is one example using parameterized queries:

http://www.experts-exchange.com/Programming/Languages/Visual_Basic/Q_28461391.html#a40152051

Also, make sure you "clean" your data before inserting it into the database. Check for proper values, data types, and even the length of data being inserted (if it's a small field and a huge string is being inserted, it could be someone trying to put in a hijack script).

For understanding the theory behind SQL injection, Wikipedia has a good article explaining it:

http://en.wikipedia.org/wiki/SQL_injection

Welcome to EE!
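A worked example for the question above, added here and not taken from the thread or from the linked answer: a classic ASP page that runs the lookup through ADODB.Command with typed parameters, and checks length and data type first, as Monty recommends. The Users table, its column sizes, the request field names and the Application("ConnString") setting are all assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not from the original thread. Assumed: table Users with
' UserName varchar(50), Email, SiteId int; connection string in Application("ConnString").
' ADO constants (classic ASP has no type library reference, so declare them)
Const adVarChar = 200, adInteger = 3, adParamInput = 1, adCmdText = 1
Dim userName, siteIdRaw, siteId
userName  = Trim(Request.Form("username"))
siteIdRaw = Trim(Request.QueryString("site"))
' Validate before touching the database: a varchar(50) column should never
' receive a 5 KB string, and a numeric id must actually be numeric.
If Len(userName) = 0 Or Len(userName) > 50 Then
    Response.Write "Invalid username."
    Response.End
End If
If Not IsNumeric(siteIdRaw) Then
    Response.Write "Invalid site id."
    Response.End
End If
siteId = CLng(siteIdRaw)

' Vulnerable form this replaces (string concatenation; a quote in the input
' changes the statement itself):
'   sql = "SELECT ... WHERE UserName = '" & userName & "'"
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Each "?" is bound by the driver; the values never become part of the SQL text.
cmd.CommandText = "SELECT UserName, Email FROM Users WHERE UserName = ? AND SiteId = ?"
cmd.Parameters.Append cmd.CreateParameter("@UserName", adVarChar, adParamInput, 50, userName)
cmd.Parameters.Append cmd.CreateParameter("@SiteId", adInteger, adParamInput, , siteId)
Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No such user."
Else
    ' Encode on output too, so stored data cannot inject HTML into this page.
    Response.Write "Email: " & Server.HTMLEncode(rs("Email") & "")
End If

rs.Close : Set rs = Nothing : Set cmd = Nothing
conn.Close : Set conn = Nothing
%>
```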
 
Scott Fell, EE MVE (Developer & EE Moderator) commented:
Let's see what you are starting with. Can you post the sample code you have now?
 
c l (Author) commented:
Monty - Beautiful, exactly what I'm looking for, thank you :)

Scott - I really don't have any code yet with regards to creating parameterized queries. I'm trying to find specific examples that I can understand, and I'm going to play around some with the example in the link Monty posted.

I'll probably have lots of more questions as I go along, fair warning!!!
 
c l (Author) commented:
Thank you - exactly what I'm looking for!
 
c l (Author) commented:
Crud - I accepted the wrong answer. How do I change it to Monty's answer?
 
c l (Author) commented:
Thank you Gary!
 
Big Monty (Senior Web Developer / CEO of ExchangeTree.org) commented:
Glad it was helpful :)

Happy programming!