SQL Injection in Classic ASP and Possible Solutions: ASP Alliance

ASP.NET Tutorials » SQL Injection in Classic ASP and Possible Solution...

Not Logged In. Login

AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Developer Jobs
Resource Directory
ASP Email Lists
ASP.NET Email Lists
Whidbey Email Lists
AspAlliance Groups
SQL Email Lists
XML Email Lists
Regular Expressions
MS Communities
CodeWise Communities

Web Hosting
ASP Hosting
Dedicated Servers
FREE Hosting
Shared Hosting
Web Farm Hosting

Print Add To Favorites Email To Friend Rate This Article
SQL Injection in Classic ASP and Possible Solutions

page 4 of 8

by Ehsanul Haque
Feedback

Average Rating:

Views (Total / Last 10 Days): 15137/ 263

Article Contents:

Avoid disclosing database error information

To avoid disclosing database error information use "try…catch" block where possible and provide a user friendly error message rather than showing system information. Also by configuring IIS, we can set a general error page. This way no one will get the actual database information. The way of creating custom error page for ASP application can be found here. In the error page, we can implement an automatic error reporting system which will trigger an email to the programmer with a detailed error report while the error will occur. A sample can be found in the source code.

View Entire Article

Article Feedback

Comment:
Title:
Name:
Url:	( Optional )

Please add 7 and 1 and type the answer here:

User Comments

Title: :)
Name: RJ
Date: 1/13/2009 2:04:18 AM
Comment:
good article. it really helps

Latest Resources
» Jabry - Free Asp Hosting with No Ads
» ASP.NET & ASP Web Hosting for only $4.95/mo
» ASP & ASP.NET Web Hosting for only $4.95/mo!
» Manged Windows Dedicated Servers
» Jabry - Free Asp Hosting, FTP with NO Ads

Community Advice: ASP | SQL | XML | Regular Expressions | Windows