Codango: ASP Code Snippet

JSP

Share The Love

You are 1 of 28 Active ASP Visitors

ASP Home | Resources | Write a Review | My Favor-Its | Login

Protect from SQL InjectionsCode Snippet

Read Reviews | Report Errors

[+][+]

1
Reviews

2
Favor-It

This is a very quick way to protect your asp and your sql databases from common sql injection characters and phrases. Use code at time of form submission after I do javascript validations (which are not always safe) and before I connect to the databases. Code: ASP 2.0 & VBScript


		Code Snippet

Code Written By: Suzanne Miller

<%
'Snippet to protect SQL database from common sql injections
'PLEASE THIS CODE ON THE FORM PROCESSING ASP PAGE OR PROCESS THIS AS A FUNCTION AT TIME OF FORM SUBMISSION
'this code disallows the following characters and phrases in all form fields
' *,  ; ,  ' , \ , select, sys, exec, delete, update, insert
'by Suzanne M. Miller wwwdzns@verizon.net
'I like to use this as my final validation. I use javascript validations to avoid blank entries, etc.. but this is great to use as a FINAL check before processing a form.
'Happy CODING! :)





response.Buffer = True

for each item in request.form
if Trim(Lcase(Instr(request.form(item),"*")))or Trim(Lcase(Instr(request.form(item),"'"))) or Trim(Lcase(Instr(request.form(item),";"))) or Trim(Lcase(Instr(request.form(item),"select"))) or Trim(Lcase(Instr(request.form(item),"sys"))) or Trim(Lcase(Instr(request.form(item),"exec"))) or Trim(Lcase(Instr(request.form(item),"delete"))) or Trim(Lcase(Instr(request.form(item),"update"))) or Trim(Lcase(Instr(request.form(item),"insert"))) or Trim(Lcase(Instr(request.form(item),"\"))) THEN
response.write"<BR>THERE WAS AN ERROR PROCESSING YOUR FORM<br><a href='javascript:history.go(-1)'>Go back to edit your form</a>"
'STOP PROCESSING THE FORM AND SEND ERROR MESSAGE ABOVE.. YOU CAN CUSTOMIZE THIS AREA
response.End()
else
End if
next
Response.write"YOUR FORM WAS SUBMITTED SUCCESSFULLY!"
'continue executing your form and insert/updates into database
%>

To use the code above, click and drag your mouse over the code to highlight it. Then right click on the highlighted code and click "Copy." Now you may paste it into your code editor.

Submit Your Own Code to Codango


Link to Us \| About Us		Advertise \| Contact Us \| Website Help
Write a User Review Today! Its Fun, Fast, and Easy!	Codango Home \| PHP \| ASP.NET \| ASP \| JSP Advertise With Us \| About Us \| Terms of Use \| Privacy Policy


� 2013 ezd.com, All rights reserved