SQL Server Performance

SQL Injection

Discussion in 'General Developer Questions' started by parveen, Jul 28, 2006.

  1. parveen New Member


    Hello Friends,
    I have a requirement, and need to store secure data like credit card nos and its expiry dates.
    How to avoid SQL injection in this case? Can you suggest how to store data...


    Thanks

    Don't take life so seriously, you will never get out of it alive.
  2. satya Moderator

  3. shaileshk New Member

    Code for preventing SQL Injection
    <%
    ' Substrings that cause the request to be refused (matched case-insensitively)
    array_split_item = Array("--", ";", "/*", "*/", "@@", "@", _
        "char", "nchar", "varchar", "nvarchar", _
        "alter", "begin", "cast", "create", "cursor", _
        "declare", "delete", "drop", "end", "exec", _
        "execute", "fetch", "insert", "kill", "open", _
        "select", "sys", "sysobjects", "syscolumns", _
        "table", "update", "<script", "</script>", "'")
    ' Check every query-string parameter against every listed substring
    for each item in Request.QueryString
        for array_counter = lbound(array_split_item) to ubound(array_split_item)
            item_postion1 = InStr(lcase(Request(item)), array_split_item(array_counter))
            'Response.Write(array_split_item(array_counter) & "<br>")
            if item_postion1 > 0 then
                ' A listed substring was found: stop processing the page
                Response.Write("Command cannot be executed.")
                Response.End()
            end if
        next
    next
    %>
    More information about SQL Injection Protection
    http://codegroups.com/blog/index.php/sql-injection-protection/
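
An added example, not part of the thread: the substring list from the post above refuses ordinary values such as a surname with an apostrophe, while a parameterized query stores the same values as plain data. It assumes Python's sqlite3 in place of SQL Server and a hypothetical `cards` table; the names and the card number are constructed sample values.

```python
import re
import sqlite3

# Substring list copied from the post above.
BLOCKLIST = ["--", ";", "/*", "*/", "@@", "@", "char", "nchar", "varchar",
             "nvarchar", "alter", "begin", "cast", "create", "cursor",
             "declare", "delete", "drop", "end", "exec", "execute", "fetch",
             "insert", "kill", "open", "select", "sys", "sysobjects",
             "syscolumns", "table", "update", "<script", "</script>", "'"]

def blocklist_rejects(value):
    """Mirror of the ASP loop: True when the request would be refused."""
    lowered = value.lower()
    return any(token in lowered for token in BLOCKLIST)

def make_db():
    # Hypothetical schema, used only for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT NOT NULL, "
               "card_number TEXT NOT NULL, expiry TEXT NOT NULL)")
    return db

def store_card(db, holder, card_number, expiry):
    # Allow-list validation: state what a valid value looks like.
    if not re.fullmatch(r"[0-9]{13,19}", card_number):
        raise ValueError("card number must be 13-19 digits")
    if not re.fullmatch(r"(0[1-9]|1[0-2])/[0-9]{2}", expiry):
        raise ValueError("expiry must be MM/YY")
    # Placeholders keep the values out of the SQL text entirely.
    db.execute("INSERT INTO cards (holder, card_number, expiry) "
               "VALUES (?, ?, ?)", (holder, card_number, expiry))
    db.commit()

def find_by_holder(db, holder):
    rows = db.execute("SELECT holder, expiry FROM cards WHERE holder = ?",
                      (holder,))
    return rows.fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed sample input; the card number is a dummy value.
    for name in ("Maria Lopez", "Brenda O'Neil", "Charlotte Reyes"):
        print(name, "-> refused by blocklist:", blocklist_rejects(name))
        store_card(db, name, "4111111111111111", "12/29")
        print("  stored and read back:", find_by_holder(db, name))
```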
