|
Learning ASP Free Course Basics Functions SQL Commands Sample Code Servers / Setup Host Reviews Server Setup Error Tips Contract ASP Development Search For: 
|
Checking Input Fields for Security
Any time you use a HTML input field or form in order to work with a database, it is critical that you do security checks on that data. Otherwise you could be open to hacker attack.
Say you take in a field you call
UserName
If you do ANY SQL operation with this field, someone could easily put a ; into that username and in essence tell the first part of the SQL statement to end, and then insert any SQL command they wished into the second half. Your database could be deleted, shut down, or worse.
Here are some safety precautions you should take with every input field that is text. Non-text input fields should of course be verified that they are only of the proper type.
UserName = Replace(UserName, ";", "")
UserName = Replace(UserName, "-", "")
UserName = Replace(UserName, "'", "")
UserName = Replace(UserName, "/", "")
UserName = Replace(UserName, "\", "")
ASP Form Creation and Security
Bookmark this site so you can reference it any time you have ASP questions in the future!
All content copyright © 2012 Minerva WebWorks LLC. All rights reserved.
|
Ebooks Intro to ASP ASP SQL DB Members Shopping 
Romance Tips Irish Romance Italian Romance French Romance
|