It might look slightly different for ASP pages and MSSQL, but the idea is basically the same: filter out any characters from the user input which could alter your queries.
A good practice is to put the user input in a variable first and run some filters over that variable before adding it to your query. Never include user input directly in the query; if you feel the need to include it, wrap it in filter functions.
__________________
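An added example, not code from the post above, showing the three ways the login query in a post like this can be built: user input pasted straight into the query text, the same query with a filter run over the input variable first (as the post recommends), and a parameterized query. The table, the rows and the use of SQLite in place of MSSQL are assumptions made for this example; MSSQL doubles single quotes inside string literals the same way, but any hand-written filter is specific to the database and the context the value lands in, which is why parameterized queries are the safer default.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table and rows are assumptions for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pw")],
    )
    return conn


def login_unsafe(conn, username, password):
    # User input pasted straight into the query text: the pattern the post warns against.
    # A payload such as  ' OR '1'='1  closes the literal and rewrites the WHERE clause;
    # a legitimate name containing an apostrophe breaks the statement outright.
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def escape_sql_string(value):
    # Minimal filter in the spirit of the post: neutralise the one character that
    # can close a single-quoted literal by doubling it (standard SQL escaping), and
    # reject NUL bytes, which some drivers silently truncate at. This only covers
    # values that land inside a quoted string literal; numeric contexts, identifiers
    # and LIKE patterns need their own handling.
    if "\x00" in value:
        raise ValueError("NUL byte in input")
    return value.replace("'", "''")


def login_filtered(conn, username, password):
    # Same concatenation as login_unsafe, but the input variables are filtered first.
    u, p = escape_sql_string(username), escape_sql_string(password)
    sql = (
        "SELECT username FROM users WHERE username = '" + u
        + "' AND password = '" + p + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    # Placeholders keep the data out of the query text entirely, so no filter is
    # needed and an apostrophe in a name is just data.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe, injected:       ", login_unsafe(db, payload, payload))
    print("filtered, injected:     ", login_filtered(db, payload, payload))
    print("parameterized, injected:", login_parameterized(db, payload, payload))
    print("filtered, o'brien:      ", login_filtered(db, "o'brien", "pw"))
    try:
        login_unsafe(db, "o'brien", "pw")
    except sqlite3.OperationalError as exc:
        print("unsafe, o'brien:         query broken:", exc)
```

Run it and the injected payload logs in as every user through the unsafe query and as nobody through the other two; the apostrophe in "o'brien" breaks the unsafe query but is handled correctly by both the filtered and the parameterized version.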
------
Of course it's a dude posting here. Probably a butt ugly one too. Fuck, still people falling for this 100-year-old trick.