Fight Against SQL Injection Attacks

posted by Scudyen date: Thursday, May 22, 2008 category: ASP

Security problems become far more damaging when your web forms are left unprotected. The following example is one way to protect ASP pages against SQL injection attacks: this small piece of ASP code validates all information coming from your forms before it is used in a query.

<%
    ' strCon is assumed to hold the ADO connection string and to be defined
    ' elsewhere (for example in an include file); it is not shown on this page.
    uname = Trim(Request.Form("uname"))
    pword = Trim(Request.Form("pword"))
    loggedIn = False

    If IsValidString(uname) And IsValidString(pword) Then
        Set Con = Server.CreateObject("ADODB.Connection")
        Con.Open strCon
        sql = "SELECT userID, nickName, pword, isAdmin, email FROM mysite_Members "
        sql = sql & " WHERE email = '" & uname & "' AND pword = '" & pword & "' AND editor = 1 AND active = 0 "
        Set rec = Con.Execute(sql)
        If rec.EOF Then
            Response.Write("<h1>Login failed !</h1>" & vbNewLine)
        Else
            Session("userID") = rec("userID")
            Session("nickName") = rec("nickName")
            Session("email") = rec("email")
            Session("pword") = rec("pword")
            Session("isAdmin") = rec("isAdmin")
            loggedIn = True
        End If
        rec.Close
        Set rec = Nothing
        Con.Close
        Set Con = Nothing
        ' Redirect only after the ADO objects are released: Response.Redirect
        ' ends script execution, so cleanup placed after it would never run.
        If loggedIn Then Response.Redirect "default.asp"
    End If

Function IsValidString(sValidate)
    Dim sInvalidChars
    Dim bTemp
    Dim i
    bTemp = False
    ' Disallowed characters
    sInvalidChars = "!#$%^&*()=+{}[]|\\;?><'"
    For i = 1 To Len(sInvalidChars)
        If InStr(sValidate, Mid(sInvalidChars, i, 1)) > 0 Then bTemp = True
        If bTemp Then Exit For
    Next
    ' Reject the non-breaking space (character code 160)
    For i = 1 To Len(sValidate)
        If Asc(Mid(sValidate, i, 1)) = 160 Then bTemp = True
        If bTemp Then Exit For
    Next

    If Not bTemp Then
        bTemp = InStr(sValidate, "..") > 0
    End If
    If Not bTemp Then
        bTemp = InStr(sValidate, "  ") > 0
    End If
    If Not bTemp Then
        ' Addition for leading and trailing spaces
        bTemp = (Len(sValidate) <> Len(Trim(sValidate)))
    End If

    ' If any of the above are true, the string is invalid
    IsValidString = Not bTemp
End Function
%>
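The check above is a character blocklist applied before the values are concatenated into the SQL string. Two things are worth seeing side by side: what such a blocklist costs in legitimate input, and what the alternative, a parameterized query, looks like. The following is an added Python illustration, not code from the page or its author: it ports the IsValidString rules to Python, builds a constructed in-memory sqlite3 table with the column names from the page's query and two made-up accounts, and runs the page's concatenated login next to a parameterized one. The table contents, the function names and the use of sqlite3 in place of ADO are all assumptions made for the example.

```python
import sqlite3

# Port of the page's IsValidString blocklist to Python (added helper, not the page's own code).
INVALID_CHARS = "!#$%^&*()=+{}[]|\\;?><'"


def is_valid_string(s: str) -> bool:
    """Mirror the ASP IsValidString rules: no blocklisted characters, no non-breaking
    space (Asc 160), no '..', no double spaces, no leading or trailing spaces."""
    if any(ch in s for ch in INVALID_CHARS):
        return False
    if "\u00a0" in s:  # the Asc(...) = 160 loop in the original
        return False
    if ".." in s or "  " in s:
        return False
    return s == s.strip()


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for mysite_Members with two sample rows (not real data)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE mysite_Members (userID INTEGER, nickName TEXT, pword TEXT, "
        "isAdmin INTEGER, email TEXT, editor INTEGER, active INTEGER)"
    )
    con.executemany(
        "INSERT INTO mysite_Members VALUES (?, ?, ?, ?, ?, ?, ?)",
        [
            (1, "alice", "s3cret", 0, "alice+news@example.com", 1, 0),  # '+' is on the blocklist
            (2, "obrien", "pa'ss", 1, "obrien@example.com", 1, 0),      # "'" is on the blocklist
        ],
    )
    return con


def login_concat(con, uname, pword):
    """The page's approach: blocklist check, then SQL assembled by string concatenation.
    Returns (nickName, isAdmin) on success, None on a failed login; raises ValueError
    when the blocklist rejects the input."""
    if not (is_valid_string(uname) and is_valid_string(pword)):
        raise ValueError("input rejected by blocklist")
    sql = (
        "SELECT userID, nickName, pword, isAdmin, email FROM mysite_Members "
        f"WHERE email = '{uname}' AND pword = '{pword}' AND editor = 1 AND active = 0"
    )
    row = con.execute(sql).fetchone()
    return None if row is None else (row[1], row[3])


def login_param(con, uname, pword):
    """Parameterized query: the driver binds the values, so quotes and other characters
    in the input are always data, never SQL, and no blocklist is needed for query safety."""
    sql = (
        "SELECT userID, nickName, pword, isAdmin, email FROM mysite_Members "
        "WHERE email = ? AND pword = ? AND editor = 1 AND active = 0"
    )
    row = con.execute(sql, (uname, pword)).fetchone()
    return None if row is None else (row[1], row[3])


def blocklist_false_positives(con):
    """Count sample accounts whose own email or password the blocklist would reject."""
    rows = con.execute("SELECT email, pword FROM mysite_Members").fetchall()
    return sum(1 for email, pw in rows if not (is_valid_string(email) and is_valid_string(pw)))


if __name__ == "__main__":
    con = build_demo_db()
    print("blocklist locks out", blocklist_false_positives(con), "of 2 sample accounts")
    print("parameterized login for alice:", login_param(con, "alice+news@example.com", "s3cret"))
```

Both sample accounts are rejected by the blocklist before any query runs: a plus sign in an e-mail address and an apostrophe in a password are both ordinary input, and the parameterized version accepts them while still treating them as plain values. In classic ASP the same separation between SQL text and data is obtained with an ADODB.Command object whose CommandText uses "?" placeholders and whose Parameters collection is filled with CreateParameter calls, rather than with Con.Execute on a concatenated string; the blocklist can then be kept, if at all, as an input-format rule rather than as the query's safety mechanism.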
