g
Printer Friendly Version

editor  
BellaOnline's ASP Editor
 

Checking Input Fields for Security

Any time you use a HTML input field or form in order to work with a database, it is critical that you do security checks on that data. Otherwise you could be open to hacker attack.

Say you take in a field you call

UserName

If you do ANY SQL operation with this field, someone could easily put a ; into that username and in essence tell the first part of the SQL statement to end, and then insert any SQL command they wished into the second half. Your database could be deleted, shut down, or worse.

Here are some safety precautions you should take with every input field that is text. Non-text input fields should of course be verified that they are only of the proper type.

UserName = Replace(UserName, ";", "")
UserName = Replace(UserName, "-", "")
UserName = Replace(UserName, "'", "")
UserName = Replace(UserName, "/", "")
UserName = Replace(UserName, "\", "")


ASP Site @ BellaOnline
View This Article in Regular Layout

Content copyright © 2013 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.



| About BellaOnline | Privacy Policy | Advertising | Become an Editor |
Website copyright © 2014 Minerva WebWorks LLC. All rights reserved.


BellaOnline Editor