Welcome to my ASP Code Website

Checking Input Fields for Security



Any time you use a HTML input field or form in order to work with a database, it is critical that you do security checks on that data. Otherwise you could be open to hacker attack.

Say you take in a field you call

UserName

If you do ANY SQL operation with this field, someone could easily put a ; into that username and in essence tell the first part of the SQL statement to end, and then insert any SQL command they wished into the second half. Your database could be deleted, shut down, or worse.

Here are some safety precautions you should take with every input field that is text. Non-text input fields should of course be verified that they are only of the proper type.

UserName = Replace(UserName, ";", "")
UserName = Replace(UserName, "-", "")
UserName = Replace(UserName, "'", "")
UserName = Replace(UserName, "/", "")
UserName = Replace(UserName, "\", "")


ASP Form Creation and Security