
Fight Against SQL Injection Attacks

Published on 11/22/2007 by Site Editor
Security problems become far more damaging when your web forms are not protected. The following example shows one way to protect ASP pages against SQL injection attacks. This small piece of ASP code validates all information coming from your forms before it is used in a query.

<%
    ' strCon is assumed to hold the database connection string (defined elsewhere, e.g. in an include file)
    Dim uname, pword, Con, rec, sql, bLoggedIn
    uname = Trim(Request.Form("uname"))
    pword = Trim(Request.Form("pword"))
    bLoggedIn = False
    If IsValidString(uname) = True And IsValidString(pword) = True Then
        Set Con = Server.CreateObject("ADODB.Connection")
        Con.Open strCon
        sql = "Select userID, nickName, pword, isAdmin, email from mysite_Members "
        sql = sql & " WHERE email = '" & uname & "' AND pword = '" & pword & "' AND editor = 1 AND active = 0 "
        Set rec = Con.Execute(sql)
        If rec.EOF Then
            Response.Write("Login failed !" & vbNewLine)
        Else
            Session("userID") = rec("userID")
            Session("nickName") = rec("nickName")
            Session("email") = rec("email")
            Session("pword") = rec("pword")
            Session("isAdmin") = rec("isAdmin")
            bLoggedIn = True
        End If
        ' Release the recordset and connection before redirecting (Response.Redirect ends the page)
        rec.Close
        Set rec = Nothing
        Con.Close
        Set Con = Nothing
        If bLoggedIn Then Response.Redirect "default.asp"
    End If

Function IsValidString(sValidate)
    ' Returns True when sValidate contains none of the disallowed characters or patterns below
    Dim sInvalidChars
    Dim bTemp
    Dim i
    bTemp = False
    ' Disallowed characters (VBScript strings have no escape sequences, so a single backslash is enough)
    sInvalidChars = "!#$%^&*()=+{}[]|\;?><'"
    For i = 1 To Len(sInvalidChars)
        If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 Then bTemp = True
        If bTemp Then Exit For
    Next
    ' Reject non-breaking spaces (character code 160)
    For i = 1 To Len(sValidate)
        If Asc(Mid(sValidate, i, 1)) = 160 Then bTemp = True
        If bTemp Then Exit For
    Next

    ' Reject consecutive dots
    If Not bTemp Then
        bTemp = InStr(sValidate, "..") > 0
    End If
    ' Reject consecutive spaces
    If Not bTemp Then
        bTemp = InStr(sValidate, "  ") > 0
    End If
    ' Reject leading and trailing spaces
    If Not bTemp Then
        bTemp = (Len(sValidate) <> Len(Trim(sValidate)))
    End If

    ' If any of the above are true, the string is invalid
    IsValidString = Not bTemp
End Function
%>
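A character blacklist like IsValidString only filters what it was told to filter, so the query above still depends on the list being complete. The following version, added here as an example and not part of the original article, performs the same login lookup with an ADODB.Command and bound parameters, so the form values are passed to the driver as data and are never spliced into the SQL text. It assumes strCon holds a valid connection string and that the table and columns match the article (mysite_Members: userID, nickName, pword, isAdmin, email); the IsValidString check can still be applied for input hygiene, but the query no longer relies on it.

```vbscript
<%
' Added example (not the article's own code): parameterized login lookup.
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum

Function FindMember(Con, email, pword)
    ' Returns an open recordset positioned on the matching member, or Nothing.
    Dim cmd, rec
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Con
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound by the driver; quotes in the values are not parsed as SQL.
    cmd.CommandText = "SELECT userID, nickName, pword, isAdmin, email " & _
                      "FROM mysite_Members " & _
                      "WHERE email = ? AND pword = ? AND editor = 1 AND active = 0"
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 255, email)
    cmd.Parameters.Append cmd.CreateParameter("pword", adVarChar, adParamInput, 255, pword)
    Set rec = cmd.Execute
    If rec.EOF Then
        rec.Close
        Set FindMember = Nothing
    Else
        Set FindMember = rec
    End If
End Function

Dim uname, pword, Con, rec
uname = Trim(Request.Form("uname"))
pword = Trim(Request.Form("pword"))

Set Con = Server.CreateObject("ADODB.Connection")
Con.Open strCon   ' assumed to be defined elsewhere, as in the article
Set rec = FindMember(Con, uname, pword)
If rec Is Nothing Then
    Con.Close
    Response.Write "Login failed !" & vbNewLine
Else
    Session("userID") = rec("userID")
    Session("nickName") = rec("nickName")
    Session("email") = rec("email")
    Session("isAdmin") = rec("isAdmin")
    rec.Close
    Con.Close   ' release the connection before Response.Redirect ends the page
    Response.Redirect "default.asp"
End If
%>
```

The parameter size (255) is an assumption; set it to the actual column width of email and pword in your schema.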
