Home > Others

Easyasp v2.2 Introduction to new Features (1): How to implement SQL injection easp

Source: Internet
Author: User
Tags date how to prevent sql injection implement new features sql injection
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Easyasp finally to v2.2, is still improving the handbook, the group has a lot of people ask how to use the problem, so it is intended to write a manual at the same time to write some new features introduced to facilitate the use of easp children's shoes quickly into the state. To tell the truth, see so many people still write ASP, still support easp, feel very rare, so also has not dropped the development of easp, or hope that easp can give the last asper a little help.

Easyasp v2.2 change is bigger, give up a lot of original I think bad use of method, of course, more is joined a lot of I think will use very fart new function. This is the first article in this series, ready to talk about how easyasp is guarding against SQL injection.

Speaking of anti-SQL injection, we are sure to express their views, this article is not intended to make in-depth discussion, I will say from this perspective easyasp v2.2 is how to prevent SQL injection.

1. Find the injection point

First, let's look at where the ASP can get an injection opportunity (based on VBScript below). To use ASP to get the data that the user can enter, this is the three aspects:

Request.QueryString
Request.Form
Request.Cookies

If your program does not deal with the data obtained through the request directly in the concatenation of the SQL statements, it is basically impossible to avoid the production of SQL injection. So, the value that participates in the SQL concatenation must be processed beforehand, but how to deal with?

2. Processing injected characters

In the light of the conclusions given in the last article I would like to agree on, it is easy to understand how to handle these data that might be injected:

(1) For string-type data, handle one of the single quotes, swapping one single quote for two single quotes;

(2) For numerical data, verify that it is a number;

(3) For date-type data, verify that it is a date type.

Therefore, the ASP's anti-injection should be in the concatenation of SQL before the data obtained through the 1th by the 2nd method of cross processing, and return can be correctly executed in the SQL statements in the string.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to implement interface how to implement recaptcha how to implement byod how to make sql injection how to mitigate sql injection how to perform sql injection how to apply sql injection

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More