Home

Prevent SQL Injection With Classic ASP

Dan
By Dan
0
1201

Classic ASP might seem like a language that is dead and gone, but it is still alive…somehow. With a language that has become outdated, it can be difficult to fight against modern security risks. Knowing how to prevent SQL injection with classic ASP is a valuable bit of code to have at your disposal. With bots capable of hacking sites, you don’t to make things easy for them. Thankfully, there is a way to setup prepared statements using Classic ASP.

If you are familiar with prepared statements, this shouldn’t be too much trouble. I will admint, this is a pretty ugly implementation, but ASP isn’t exactly bleeding edge, so this is the best we have. The first and most awkward thing about prepared statements with classic ASP, is that you need to declare the data type. For example, if a field in a DB is of type int, you need to declare this when creating the statement. It seems odd, but this is how it goes. the following code will show you a quick and easy way to pull a row from a database by using an ID that is passed in the querystring.

if request.querystring("id") <> "" and IsNumeric(request.querystring("id")) then
    set cmd = Server.CreateObject("ADODB.Command")
    set rs = Server.CreateObject("ADODB.Recordset")

    cmd.ActiveConnection = objConnection
    cmd.CommandText = "SELECT * FROM Posts WHERE id = ?"
    cmd.Parameters.Append(cmd.CreateParameter("@id", 3, 1, , request.querystring("id")))
    set rs = cmd.Execute()

    if not (rs.eof and rs.bof) Then
        'do something
    end if
end if

The only thing that needs to change are the parameters that you pass into the CreateParameter function. As I mentioned previously, you need to declare the data type when adding a command parameter. A full list of all of the data type codes can be found here http://www.w3schools.com/asp/met_comm_createparameter.asp

This is a pretty solid way to prevent sql injection with classic ASP. Nothing is ever bulletproof, so always be on the lookout for ways to further improve the security by validating data even further to prevent any bad data making its way into a query string.

 

Previous article
How To Check If An Email Is Valid And Inbox Exists
Next article
Download A File Using ASP MVC

Related Articles

Related Questions

Feeling Trapped as a Front-End Developer Forced into DevOps

Hey everyone! I've been a front-end developer for 11 years, and while I've been doing a bit of full-stack work, I've recently been pushed...

How Can Beginners Start Earning Money with Programming?

Hey everyone! I've recently jumped into the world of programming, and it's quite a shift from my previous field. I've always been interested in...

Why Can’t My Parents’ Old LCD TVs Play Movies from USB?

I'm trying to get some movies into a USB drive to share with my parents, but they have older LCD TVs that aren't smart...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Tools

Erase Gemini Nano Banana Watermark

Image Tools Dan -
Below is a simple content eraser tool. It works very similar to the content aware fill tool that is used in Photoshop. You can...

Keep Your Screen Awake Tool

Web Tools Dan -
This simple online stay awake tool prevents your computer screen from going to sleep while you have this page open. It runs entirely in your...

Neural Network Simulation Tool

AI Tools Dan -
The Neural Network Visual Builder is an interactive, client-side tool designed to demystify deep learning. It allows users to drag-and-drop neural network layers to...

Ray Trace Simulator – Interactive Optical Ray Tracing Tool

Game Tools Dan -
This ray trace simulator lets you visualise how light rays move through an optical system in real time. You can trace beams as they...

Interactive CPU Architecture Simulator

Electronics Tools Dan -
This is an Interactive CPU Architecture Simulator that provides a hands-on, visual learning experience for understanding how a processor executes code. It models a...

AI Image Upscaler

Image Tools Dan -
Our AI Image Upscaler allows you to upload any image and instantly increase its resolution using advanced upscaling models. Choose between 2x, 3x or...

Latest Posts

Latest Questions