Popular Articles | Latest Articles | Categories | RSS Feeds
Web Development
Web Design
Programming
Security
Databases
Web Hosting

Fight Against SQL Injection Attacks

Published on 11/22/2007 by Site Editor
More articles in ASP



 Vote this tutorial:

Security issues became more damageful if you're not protecting your web forms. Following example is a good idea to protect our ASP pages against SQL injection attacks.  This small ASP code secures and validates all information coming from your forms.

<%
    uname = trim(request.form("uname"))
    pword =  trim(request.form("pword"))
    if isValidString(uname) = True AND isValidString(pword) = True  then
    Set Con = Server.CreateObject("ADODB.Connection")
    Con.Open strCon
    sql = "Select userID, nickName, pword, isAdmin, email from mysite_Members "
    sql = sql & " WHERE  email = '"& uname & "' AND pword = '"& pword & "' AND editor = 1 AND active = 0 "
    set rec = Con.execute(sql)
        if rec.eof then
        response.Write("

Login failed !

"&vbnewline)               
        else
        Session("userID") = rec("userID")
        Session("nickName") = rec("nickName")
        Session("email") = rec("email")
        Session("pword") = rec("pword")
        Session("isAdmin") = rec("isAdmin")
        response.redirect "default.asp"
        end if
    rec.close
    set rec = nothing
    Con.close
    set Con = nothing   

    end if   
    end if
   
Function IsValidString(sValidate)
    Dim sInvalidChars
    Dim bTemp
    Dim i
    ' Disallowed characters
    sInvalidChars = "!#$%^&*()=+{}[]|\\;?><'"
    for i = 1 To Len(sInvalidChars)
        if InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 then bTemp = True
        if bTemp then Exit For
    next
    for i = 1 to Len(sValidate)
        if Asc(Mid(sValidate, i, 1)) = 160 then bTemp = True
        if bTemp then Exit For
    next


    if not bTemp then
        bTemp = InStr(sValidate, "..") > 0
    end if
    if not bTemp then
        bTemp = InStr(sValidate, "  ") > 0
    end if
    if not bTemp then
        bTemp = (len(sValidate) <> len(Trim(sValidate)))
    end if 'Addition for leading and trailing spaces

    ' if any of the above are true, invalid string
    IsValidString = Not bTemp
End Function
%>

Comments:
no comments submitted


Only members can write comments.Please, login / register to write comment.

Latest Posts

    Active News Manager - news management system




    Welcome to Dotnetindex.com:Login  |  Register
    Free software:
    Giga RSS Reader
    IkonAdman
    QMailing list     		Active News
    Download Manager (PRO)
    Download Manager (Lite)

    Search Dotnetindex.com:


    Who's online

    • There 15 online users.

    Latest tutorialsAutocomplete Filter from the Old Futures Project Working in Dynamic Data 4
    Developing a Facebook Connect Application Using ASP.NET
    Conditional Row Highlighting in Dynamic Data
    UserControl as a DLL Made Easy
    Using GroupTemplate in ASP.NET ListView Control (Tiled Display)
    Creating Master-Detail GridView Using jQuery
    ASP.NET MVC 2.0 and AJAX Part 1
    Sorting Tabular Data in ASP.NET MVC
    Asynchronous Form in ASP.NET MVC 2
    Populating ASP.NET TreeView Control Recursively
    A look at SAP Crystal Reports for Visual Studio 2010
    Reporting in Threads
    Regular Expressions Make Pattern Matching and Data Extraction Easier
    Perform Database Administration Operations with SQL Server Management Objects
    SQL Server Compact 3.5 Beta 2 available for download
    ASP.NET Resources, Reviews

    ASP Resources, Reviews

    PHP, ASP, .NET, JSP Resources, Reviews

    Hotscripts.com Free Photoshop, Flash and 3DS MAX tutorials