Security Questions


Eivo
I am creating a content management system using MsSQL and ASP, and I want to make it as secure as I can. So my question is, what characters should I block the user from entering in my database? And a more general question, what are some things I should do in general to keep myself safe from attacks and the like? Thanks in advance! :)

EDIT: If it helps I am using ASP (not .NET) with JScript (not VB).


> I am creating a content management system using MsSQL and ASP, and I want to make it as secure as I can. So my question is, what characters should I block the user from entering in my database? And a more general question, what are some things I should do in general to keep myself safe from attacks and the like? Thanks in advance! :)
> EDIT: If it helps I am using ASP (not .NET) with JScript (not VB).

If you're creating stored procedures, then you only need to fill your command object with the correct parameters and SQL Server will take care of the rest.

Otherwise, if you're creating dynamic queries or your queries are embedded in JScript, then escape single quotes (') and double quotes ("). If you're using another database like MySQL, then you should escape backslashes (\) too.
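
Added example, not part of the thread: a classic ASP (JScript) page that passes user input to SQL Server through ADODB.Command parameters, first to a stored procedure as the reply describes and then, going one step further, to an ad hoc query using a `?` parameter marker. The connection string, the `dbo.Articles` table and the `dbo.GetArticleById` procedure are hypothetical names chosen for illustration.

```jscript
<%@ Language="JScript" %>
<%
// ADO constants (values from the ADO type library / adojavas.inc).
var adCmdText = 1, adCmdStoredProc = 4;
var adInteger = 3, adVarWChar = 202, adParamInput = 1;

// Hypothetical connection string, table and procedure names.
var CONN_STR = "Provider=SQLOLEDB;Data Source=DBSERVER;" +
               "Initial Catalog=Cms;Integrated Security=SSPI;";

// The command text is always a constant; user data is attached as typed parameters only.
function makeCommand(conn, text, type) {
    var cmd = Server.CreateObject("ADODB.Command");
    cmd.ActiveConnection = conn;
    cmd.CommandText = text;
    cmd.CommandType = type;
    return cmd;
}

function writeTitles(rs) {
    while (!rs.EOF) {
        // Encode on output so stored markup is not rendered as HTML.
        Response.Write(Server.HTMLEncode(String(rs.Fields("Title").Value)) + "<br>");
        rs.MoveNext();
    }
    rs.Close();
}

var id = parseInt(String(Request.QueryString("id")), 10);
var q = Request.QueryString("q");
var term = q.Count ? String(q) : "";   // may contain ' or " without breaking the query

var conn = Server.CreateObject("ADODB.Connection");
conn.Open(CONN_STR);
try {
    if (!isNaN(id)) {
        // Stored procedure call: @Id is sent as an integer, never as SQL text.
        var byId = makeCommand(conn, "dbo.GetArticleById", adCmdStoredProc);
        byId.Parameters.Append(byId.CreateParameter("@Id", adInteger, adParamInput, 4, id));
        writeTitles(byId.Execute());
    }
    if (term.length > 0) {
        // Ad hoc query: "?" marks the parameter, so the value is bound, not concatenated.
        var byTitle = makeCommand(conn, "SELECT Title FROM dbo.Articles WHERE Title LIKE ?", adCmdText);
        byTitle.Parameters.Append(
            byTitle.CreateParameter("@Title", adVarWChar, adParamInput, 100, term.substring(0, 99) + "%"));
        writeTitles(byTitle.Execute());
    }
} finally {
    conn.Close();
}
%>
```
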