SQL injection prevention
12 Apr 2005 18:42:12 adam partridge posted:
Does anyone have a function or tips on how to prevent SQL injection on my page:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/sublime_club.asp" -->
<%
Dim Recordset1__MMColParam
Recordset1__MMColParam = "1"
If (Request.QueryString("id") <> "") Then
Recordset1__MMColParam = Request.QueryString("id")
End If
%>
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_sublime_club_STRING
Recordset1.Source = "SELECT * FROM tbldjs WHERE skuID = " + Replace(Recordset1__MMColParam, "'", "''") + ""
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<%=(Recordset1.Fields.Item("strdjname").Value)%>
</body>
</html>
<%
Recordset1.Close()
Set Recordset1 = Nothing
%>
Edited by - adampartridge on 12 Apr 2005 18:42:33
Replies
12 Apr 2005 20:20:25 Dave Thomas replied:
Best thing to do is Google around and read up on what's been posted about this, as there is a lot of information available.
www.sitepoint.com/article/sql-injection-attacks-safe << there's one such posting.
regards
Dave Thomas
DMX Zone Manager
13 Apr 2005 15:52:42 adam partridge replied:
thanks
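A parameterized rewrite of the page posted in the question, added here as an example and not code from any participant in the thread. The posted query concatenates id into an unquoted numeric comparison, so doubling single quotes does not constrain it; this version accepts only digits and binds the value as a typed parameter. It assumes skuID is an integer column, declares the ADO constants inline, and the "No matching record." text is illustrative.

```vbscript
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/sublime_club.asp" -->
<%
' ADO constants, declared here in case adovbs.inc is not included
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' Allow-list validation: accept only 1-9 digits, otherwise fall back to
' the page's default of 1. Assumption: skuID is an integer column.
Dim idRaw, skuID, re
idRaw = Trim(Request.QueryString("id"))
skuID = 1
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If re.Test(idRaw) Then skuID = CLng(idRaw)
Set re = Nothing

' Parameterized query: the SQL text is constant and the value travels
' separately as a typed parameter, so it is never parsed as SQL.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = MM_sublime_club_STRING
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT strdjname FROM tbldjs WHERE skuID = ?"
cmd.Parameters.Append cmd.CreateParameter("skuID", adInteger, adParamInput, , skuID)
Set rs = cmd.Execute
%>
<html>
<head><title>Untitled Document</title></head>
<body>
<% If Not rs.EOF Then %>
<%' HTML-encode the stored value before writing it into the page %>
<%= Server.HTMLEncode(rs.Fields.Item("strdjname").Value & "") %>
<% Else %>
No matching record.
<% End If %>
</body>
</html>
<%
rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```

Selecting only the column the page displays, rather than `SELECT *`, also limits what the page can return if the query is ever changed.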