Hello Friends, I have a requirement,and need to store secure data like credit card nos and its expirty dates. How to avoid sql injection in this case . Can u suggest How to store data... Thanks Don't take life so seriously, you will never get out of it alive.
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/ http://msdn.microsoft.com/msdntv/transcripts/20041104SQLServerMLTranscript.aspx http://www.dbazine.com/sql/sql-articles/larsen2 fyi. Satya SKJ Microsoft SQL Server MVP Contributing Editor & Forums Moderator http://www.SQL-Server-Performance.Com This posting is provided �AS IS� with no rights for the sake of knowledge sharing.
Code for preventing SQL Injection array_split_item = Array(â€â€“â€, “;â€, “/*â€, “*/â€, “@@â€, “@â€, “charâ€, “ncharâ€, “varcharâ€, “nvarcharâ€, “alterâ€, “beginâ€, “castâ€, “createâ€, “cursorâ€, “declareâ€, “deleteâ€, “dropâ€, “endâ€, “execâ€, “executeâ€, “fetchâ€, “insertâ€, “killâ€, “openâ€, “selectâ€, “sysâ€, “sysobjectsâ€, “syscolumnsâ€, “tableâ€, “updateâ€, “<scriptâ€, “</script>â€, “‘â€) for each item in Request.QueryString for array_counter = lbound(array_split_item) to ubound(array_split_item) item_postion1 = InStr(lcase(Request(item)),array_split_item(array_counter)) ‘Response.Write(array_split_item(array_counter) & “<br>â€) if item_postion1 > 0 then Response.Write(â€Command cannot be executed.â€) Response.End() end if next next %> more infomation about SQL Injection Protection http://codegroups.com/blog/index.php/sql-injection-protection/
