Books & Music
Food & Wine
Health & Fitness
Hobbies & Crafts
Home & Garden
News & Politics
Religion & Spirituality
Travel & Culture
TV & Movies
Checking Input Fields for Security
Any time you use a HTML input field or form in order to work with a database, it is critical that you do security checks on that data. Otherwise you could be open to hacker attack.
Say you take in a field you call
If you do ANY SQL operation with this field, someone could easily put a ; into that username and in essence tell the first part of the SQL statement to end, and then insert any SQL command they wished into the second half. Your database could be deleted, shut down, or worse.
Here are some safety precautions you should take with every input field that is text. Non-text input fields should of course be verified that they are only of the proper type.
UserName = Replace(UserName, ";", "")
UserName = Replace(UserName, "-", "")
UserName = Replace(UserName, "'", "")
UserName = Replace(UserName, "/", "")
UserName = Replace(UserName, "\", "")
| Related Articles | Editor's Picks Articles | Top Ten Articles | Previous Features | Site Map
Content copyright © 2014 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.
Website copyright © 2014 Minerva WebWorks LLC. All rights reserved.