De tainting dagerous characters

Results 1 to 4 of 4

Thread: De tainting dagerous characters

  1. #1
    Chris Hacking Guest

    Default De tainting dagerous characters

    What is the best way of handling characters like &#039 " ? # &#060;&#062; in fields will be going into sql statements?<BR>Raw Asp tends to dump them verbatim into sql statements, which then ruins the syntax.<BR><BR>These characters wont be part of any script or html, and just need to be displayed as tame text in the finished page<BR><BR>Examples would be appreciated<BR><BR>[using IIS, ASP,ADO, Access maybe SQL]

  2. #2
    Sathiya Guest

    Default RE: De tainting dagerous characters

    Use the Replace function and write ur own procedure so that it will be called everytime when u execute a sql.<BR>

  3. #3
    Join Date
    Dec 1969
    Posts
    569

    Default RE: De tainting dagerous characters

    You can use the replace function alright, but I&#039ve found the url encode funtion a lot quicker (you don&#039t have to put your special characters back into the string at the other end). Special characters are converted to their escape characters:<BR><BR>myNewString = Server.URLEncode(myString)<BR><BR>

  4. #4
    Michael Swanson Guest

    Default RE: De tainting dagerous characters

    If you are using ADO 2.0 or earlier, there is a *very* little-known way of handling this situation in an elegant way. Unfortunately, ADO 2.1 and later currently has a bug that doesn&#039t allow the technique to work (although Microsoft is aware of it).<BR><BR>I have a function called SQLEncodeString that takes any string and encodes it into hexadecimal format. The string must be preceded with 0x and contain hex pairs. This can be passed as a string value...just make sure you don&#039t surround the hex with quotes. For example:<BR><BR>Fieldname = 0x6ABC0D0A<BR><BR>This way, you don&#039t have to check for anything at all...you can just store it!<BR><BR>Michael Swanson, MCSE, MCP+Internet<BR>Webmaster<BR>Donnelly Corporation<BR>mike.swanson@donnelly.com


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •