See
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
| I keep seeing references to SQL injection. What does this mean?
| It doesn't sound good.
|
| > If you're using SQL Server or another full-strength database server,
| > the easiest way to avoid SQL Injection is to use Stored Procedures.
| > With Access, you can actually use parameterized queries. They aren't
| > as powerful as Stored Procedures, but often can do what you need.
| >
| > --
| > HTH,
| >
| > Kevin Spencer
| > Microsoft MVP
| > .Net Developer
| > Neither a follower nor a lender be.
| >
| >> Thanks Jon.
| >> Maybe you can help me with this.
| >> I have posted it on the client forum, but you don't seem to be
| >> working there, so I will ask you here.
| >> I have a form with username and password fields. The form
| >> submits to a login validation ASP script.
| >> To stop SQL injection I need to filter out server side characters
| >> like single quote, double quote, slash, backslash, semicolon, and
| >> extended characters like NULL, carriage return, new line, etc.
| >> I know I need to add some validation ASP script to the validation
| >> ASP page, but I have been looking on the web and I can't find any
| >> tutorials.
| >> Paul M
| >>
| >>> Hi,
| >>> Anywhere you like, eg
| >>> <%
| >>> function DoSomething(arg)
| >>> ' do the work here, then assign the result to the function name
| >>> DoSomething = arg
| >>> end function
| >>> %>
| >>>
| >>> <%=DoSomething("something")%>
| >>>
| >>> It's probably best practice to place them at the top of the page -
| >>> i.e. before <html>, just to make your code easier to follow and so
| >>> your designer doesn't mess things up when he touches the page.
| >>>
| >>> --
| >>> Cheers,
| >>> Jon
| >>> Microsoft MVP
| >>>
| >>>> Hi
| >>>> Where are asp functions placed on the page
| >>>> Paul M
| >>>>
| >>>
| >>>
| >>
| >>
| >
| >
|
|
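
The parameterized-query approach recommended in the quoted reply, applied to the login form described in the thread. This is an added example, not code from any of the posters. The Users table, its column names, the form field names and the database path are assumptions.

```asp
<%
Option Explicit
' Added example. Assumed names: table Users with columns [Username] and
' [Password], form fields "username" and "password", database /data/site.mdb.
' Assumption: [Password] holds whatever the site stores, ideally a salted hash.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202

Function IsValidLogin(userName, pass)
    Dim conn, cmd, rs
    IsValidLogin = False

    ' Reject empty or oversized input before touching the database.
    If Len(userName) = 0 Or Len(userName) > 50 Then Exit Function
    If Len(pass) = 0 Or Len(pass) > 128 Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
              Server.MapPath("/data/site.mdb")

    ' Unsafe pattern this replaces: building the statement by concatenation,
    '   "... WHERE [Username]='" & userName & "'"
    ' which lets a quote in the input change the statement itself.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT COUNT(*) FROM [Users] " & _
                      "WHERE [Username] = ? AND [Password] = ?"

    ' Values are bound as typed parameters in placeholder order, so quotes,
    ' semicolons and control characters stay data and are never parsed as SQL.
    cmd.Parameters.Append cmd.CreateParameter("user", adVarWChar, adParamInput, 50, userName)
    cmd.Parameters.Append cmd.CreateParameter("pass", adVarWChar, adParamInput, 128, pass)

    Set rs = cmd.Execute
    If Not rs.EOF Then IsValidLogin = (rs(0).Value > 0)
    rs.Close
    conn.Close
    Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
End Function

' CStr/Trim turn the Request.Form items into plain strings before use.
If IsValidLogin(Trim(Request.Form("username")), CStr(Request.Form("password"))) Then
    Response.Write "Login OK"
Else
    Response.Write "Invalid username or password."
End If
%>
```

Because the input is bound rather than spliced into the SQL text, no character blacklist is needed for the query itself; the length checks only bound the input to the assumed column sizes.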