
SQL Injection solution:( ?

dotnettester - 25 Jan 2006 19:12 GMT
Hi,

RE: SQL2K, ASP
--------------------
I am trying to secure a data entry page and want to avoid any SQL injections.

Is there a way I can use Command.Parameters with a query (instead of a
stored proc)?

Any solution?

Thnx
Bob Barrows [MVP] - 25 Jan 2006 20:06 GMT
> Hi,
>
[quoted text clipped - 9 lines]
>
> Thnx
Yes. Use an explicit Command object to pass parameter values to a string
containing parameter markers:
http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e


This does not relieve you of the responsibility to validate your user inputs
in server-side code, if only to prevent errors related to
incorrectly-entered data.

Bob Barrows

Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
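
The approach Bob describes (an explicit Command object, a SQL string with `?` parameter markers, and server-side validation first), as an added example that is not code from the thread or the linked post. It is the body of a classic ASP `<% %>` block; the table `Customers`, its columns, the form field names and `Application("ConnString")` are assumptions made for illustration.

```vbscript
' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1, adParamInput = 1, adExecuteNoRecords = 128
Const adInteger = 3, adVarWChar = 202

Dim custName, ageText, re, cn, cmd
custName = Trim(Request.Form("custname"))   ' hypothetical form field
ageText = Trim(Request.Form("age"))         ' hypothetical form field

' Server-side validation: parameters stop injection, but bad data still
' needs to be rejected before it reaches the database.
If Len(custName) = 0 Or Len(custName) > 50 Then
    Response.Write "Name is required (50 characters maximum)."
    Response.End
End If
Set re = New RegExp
re.Pattern = "^\d{1,3}$"                    ' digits only; IsNumeric would accept "1e3"
If Not re.Test(ageText) Then
    Response.Write "Age must be a whole number."
    Response.End
End If

Set cn = Server.CreateObject("ADODB.Connection")
cn.Open Application("ConnString")           ' hypothetical connection string

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandType = adCmdText
' The SQL text is a fixed string. User input is never concatenated into it;
' each ? is filled from the Parameters collection in the order appended.
cmd.CommandText = "INSERT INTO Customers (CustName, Age) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("CustName", adVarWChar, adParamInput, 50, custName)
cmd.Parameters.Append cmd.CreateParameter("Age", adInteger, adParamInput, , CLng(ageText))
cmd.Execute , , adExecuteNoRecords          ' no recordset needed for an INSERT

cn.Close
Set cmd = Nothing
Set cn = Nothing
```

With the SQL Server OLE DB provider the markers are positional, so the parameter names are only labels and the order of the `Append` calls is what matters.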

paul@bullschmidt.com - 29 Jan 2006 17:35 GMT
And for another related link:

SQL Injection Walkthrough
http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Best regards,
-Paul
www.Bullschmidt.com - Freelance Web and Database Developer
www.Bullschmidt.com/DevTip.asp - Classic ASP Design Tips
 