|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
 |
|
|
|
|
|||||||||
|
|||||||||
|
|||||||||
| |
|||
|
|
|
|
| ||||||||||||||||||||||||||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Display Modes |
Dev Articles Community Forums Sponsor:
|
|
|
|
#1
March 9th, 2004, 01:44 PM
|
|||
|
|||
|
User Input Validation in ASP
Hi all,
I have forms and photo upload features in my website. I'm using IIS 5.1 in Windows XP Pro. What do I need to add into my code to validate user input? I had SQL injection attack before, now I use replace function to remove any malicious words such as SELE, DELE, Ad, etc.. to prevent SQL injection attack. Are there any other attacks which it can be triggered in a text input field? What do I need to do to prevent it? I also have a photo upload feature, it allows user upload photos to my table and the photo will be displayed in the gallery. How can I validate the user upload file is image file only? I mean user might be able to upload malicious scripts, virus to my server. How can I prevent that? I'm using ASPUpload software to achieve this feature. Thanks.
|
|
#2
March 9th, 2004, 04:15 PM
|
||||
|
||||
|
Most uploading objects allow you to specify which content type you want uploaded. Most will also check the file size too, as you don't want a user uploading a 1GB file
 As for the validation - the reasons for validating user input are well documented. One of the big ones is to replace any single quotes with two single quotes.
|
|
| Viewing: Dev Articles Community Forums > Programming > ASP Development > User Input Validation in ASP |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
