SQL Server Performance

SQL Injection

Discussion in 'General Developer Questions' started by parveen, Jul 28, 2006.

  1. parveen New Member

    Hello Friends,
    I have a requirement, and need to store secure data like credit card nos and its expiry dates.
    How to avoid SQL injection in this case? Can you suggest how to store data...


    Don't take life so seriously, you will never get out of it alive.
  2. satya Moderator

  3. shaileshk New Member

    Code for preventing SQL Injection
    ' Substrings that cause a request to be rejected
    array_split_item = Array("--", ";", "/*", "*/", "@@", "@", _
        "char", "nchar", "varchar", "nvarchar", _
        "alter", "begin", "cast", "create", "cursor", _
        "declare", "delete", "drop", "end", "exec", _
        "execute", "fetch", "insert", "kill", "open", _
        "select", "sys", "sysobjects", "syscolumns", _
        "table", "update", "<script", "</script>", "'")
    ' Check every query-string value against the list
    for each item in Request.QueryString
        for array_counter = lbound(array_split_item) to ubound(array_split_item)
            item_postion1 = InStr(lcase(Request(item)), array_split_item(array_counter))
            'Response.Write(array_split_item(array_counter) & "<br>")
            if item_postion1 > 0 then
                Response.Write("Command cannot be executed.")
                Response.End ' stop processing the request
            end if
        next
    next
    More information about SQL Injection Protection
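
Added example, not part of the thread or any poster's code: for the question asked here (storing a card number and expiry date from classic ASP), the values can be allow-list validated and then bound as ADO parameters so they never become part of the SQL text. The table dbo.Cards, its columns, the form field names and the Application("ConnString") setting are assumptions made for illustration.

```vbscript
<%
Option Explicit
' Added example. dbo.Cards, CardNo, Expiry, the form fields "cardno"/"expiry"
' and Application("ConnString") are hypothetical placeholders.
Const adCmdText = 1
Const adParamInput = 1
Const adChar = 129
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Allow-list check: only digits, length between minLen and maxLen.
Function IsDigits(s, minLen, maxLen)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{" & minLen & "," & maxLen & "}$"
    IsDigits = re.Test(s)
End Function

' Allow-list check: expiry date in MM/YY form.
Function IsExpiry(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^(0[1-9]|1[0-2])/[0-9]{2}$"
    IsExpiry = re.Test(s)
End Function

Dim cardNo, expiry, conn, cmd
cardNo = Trim(Request.Form("cardno"))
expiry = Trim(Request.Form("expiry"))

If Not (IsDigits(cardNo, 13, 19) And IsExpiry(expiry)) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid card number or expiry date."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The SQL text is a constant; each ? is bound to a typed value, never concatenated.
cmd.CommandText = "INSERT INTO dbo.Cards (CardNo, Expiry) VALUES (?, ?)"
cmd.Parameters.Append cmd.CreateParameter("@CardNo", adVarChar, adParamInput, 19, cardNo)
cmd.Parameters.Append cmd.CreateParameter("@Expiry", adChar, adParamInput, 5, expiry)
cmd.Execute , , adExecuteNoRecords
conn.Close
%>
```

Because the values travel as parameters, input containing quotes or SQL keywords is stored as data rather than interpreted as a command.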
