Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Developer Jobs
Resource Directory
ASP Email Lists
ASP.NET Email Lists
Whidbey Email Lists
AspAlliance Groups
SQL Email Lists
XML Email Lists
Regular Expressions
MS Communities
CodeWise Communities

Web Hosting
ASP Hosting
Dedicated Servers
FREE Hosting
Shared Hosting
Web Farm Hosting

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
SQL Injection in Classic ASP and Possible Solutions
page 5 of 8
by Ehsanul Haque
Feedback
Average Rating: 
Views (Total / Last 10 Days): 15137/ 262
Additional Consideration

Additionally, for new projects as well as old projects, we can maintain the following best practices to avoid the attack.

1. Use escape character routines to handle special characters

2. Use stored procedures rather than dynamic query where possible

3. Use parameterized query incase of dynamic query

4. Use HtmlEncode and decode techniques to show html data where possible

5. Use a least privileged database account- only stored procedure will have the permission for update/insert and script will have only read permission.

View Entire Article

Article Feedback

Title:  
Name:  
Url: ( Optional )
Comment:  
Please add 6 and 8 and type the answer here:

User Comments

Title: :)   
Name: RJ
Date: 1/13/2009 2:04:18 AM
Comment:
good article. it really helps






Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2009 ASPAlliance.com  |  Page Processed at 11/22/2009 3:56:49 PM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search