How do I protect my ASP code from a SQL Injection?
The following article explains how to protect your ASP code from a SQL Injection. The recent injection attacks that have been seen against ASP and ASP.Net coded sites takes advantage of vulnerabilities in improperly coded sites. These attacks can be mitigated by simply running any user input that can come in contact with the database through a sanitization process, and this does not apply to .Net and ASP code but any language.
The following website has instructions on how to create a black list array that will scan form entries for terms that are not acceptible and will redirect the form to an error page:Filtering SQL injection from Classic ASP
More information and code examples available at:
- How to prevent cross-site scripting - http://support.microsoft.com/kb/252985/