Hello Friends,
I have a requirement,and need to store secure data like credit card nos and its expirty dates.
How to avoid sql injection in this case . Can u suggest How to store data...


Thanks

Don't take life so seriously, you will never get out of it alive.

http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
http://msdn.microsoft.com/msdntv/transcripts/20041104SQLServerMLTranscript.aspx
http://www.dbazine.com/sql/sql-articles/larsen2

fyi.

---

Satya SKJ
Microsoft SQL Server MVP
Contributing Editor & Forums Moderator
http://www.SQL-Server-Performance.Com
This posting is provided �AS IS� with no rights for the sake of knowledge sharing.

 Code for preventing SQL Injection

array_split_item = Array(”–”, “;”, “/*”, “*/”, “@@”, “@”,

                  “char”, “nchar”, “varchar”, “nvarchar”,

                  “alter”, “begin”, “cast”, “create”, “cursor”,

                  “declare”, “delete”, “drop”, “end”, “exec”,

                  “execute”, “fetch”, “insert”, “kill”, “open”,

                  “select”, “sys”, “sysobjects”, “syscolumns”,

                  “table”, “update”, “<script”, “</script>”, “‘”)

for each item in Request.QueryString

    for array_counter = lbound(array_split_item) to ubound(array_split_item)

       

        item_postion1 = InStr(lcase(Request(item)),array_split_item(array_counter))

        ‘Response.Write(array_split_item(array_counter) & “<br>”)

       

        if item_postion1 > 0  then

            Response.Write(”Command cannot be executed.”)

            Response.End()

        end if

    next

next

%>

more infomation about SQL Injection Protection

http://codegroups.com/blog/index.php/sql-injection-protection/