Protect From SQL Injections Without Affecting Functionality
I am trying to figure out a good way to go by protecting from sql injections, but still letting people be able to post those symbols etc...
View RepliesI am trying to figure out a good way to go by protecting from sql injections, but still letting people be able to post those symbols etc...
View RepliesA collegue developer was criticising a code practice that i have been using, saying that it is vulnerable to SQL injections:
If i excecute a stored procedure like this within my ASP code, is this make my the sql query vulnerable to injections?
conn.Execute("exec pTopCategories " & SupplierID)
i can use this to change the time on my site by +2 hours:
offsetminutes=120
thetime=dateadd("n", offsetminutes, time())
but, say it's 11pm.. the script above will make it 1am, but will the date in " date() " go ahead one day too?
the other thing i could do is this:
offsetminutes=120
thetime=dateadd("n", offsetminutes, now())
using now() instead of time(). but then when i want to print " thetime " onto a page, ill get something like "7/11/2005, 5:10:13 PM". how could i then separate the new date from the new time and print them to a page separately?
i have a server that has x number of pdf's. from time to time people are wanting to print one or more of those pdf's. right now they have to open up each pdf individual and then print. which can get annoying and time consuming after 3 or 4 pdf's.
i'm going to setup a simple screen where they can use a checkbox to select which pdf's they want to print, hit print, and then combine the selected pdf's into a temporary pdf where they can go through the process one time.
do yo all know of perhaps some functionality built into asp or some third party deal that will allow me to do this?
i have this search textbox and i want to search the likeness of the value
i've entered in the box i created a query but i notice that when i type small caps letters it returned no results...
no matching record but when i capitalized the first character records were found
e.g i type San the query returned results... i entered san and it returned nothing....this is my code "select * from profile where name='varname%'"
help please?
I am really interested in creating a search the site.I am unsure how to actually approach such a task, but would rather do this using ASP, without the use of third party search tools, taht I know can be used.Can anyone give me some direction for actually developing one.I hope to add one to my site in the future, as the site will mainly be focussed towards offering tutorials etc, and it would be cool to actually have a serach utility, that could make things a lot easier for the viewer.
Any advice.
I have briefly looked at one offered on: http://www.stardeveloper.com/
But the complexity of it is overwhelming, and includes code that I dont think would be required for the search I actually have in mind.
Im trying to finish off this project, but obviously I need a way for them to edit the database through asp. Does anyone know a good place to get some code or tutorial help for this?
View Replies View Relatedpoint me to some code/pointers that would pull down the HTML of a page as a string, a little like ASPTear?
View Replies View RelatedI made an application using asp using help from fellow members. This application allows user to download files uploaded through ftp through a web page. they can select the check-boxes and download all the files in a single zip file.
Now some users want that some search functionality should be put on so that they can type a part of file name and all the files having the searched words in their name should come on a separate page so that they can select and download in one go.
InterDev 6 IntelliSense functionality is gone. IntelliSense is when you type Response. and it automatically pops up a menu with Response Methods:
Write
End
Redirect
...
Anybody knows which Windows DLL's or EXE are responsible for this functionality?
I want to give Excel functionality. like copy/paste functionality in a web page and similarly I want to update the respective values at the backend after some action is taking by the user. like save/upadate data.
View Replies View RelatedI need to read information from a delimitered text file and list it in a specified format on a web page.
I have no access to a database so have to use the method above, I am wondering though, how much of a strain this sort of function would be (ie. load times etc) for a very large list?
If someone could point me in the right direction of which functions i need to be learning about (Old hand at PHP brand new to ASP),
I want to add a "quick search" functionality in ASP or ASP.NET page. I heard
we can use Microsoft Indexing Service to accomplish the task, but not sure
how to do it. Is this the correct approach? Code:
I want to redirect users who DO NOT SUPPORT sessions to another page.
Think this will work? PSEUDO CODE:
-------------------------------------------------------------------
<asp vbscript>
<session("test")="true">
<if session("test")="true" then do nothing else
response.redirect(www.domain.com/nosessions) end if>
-------------------------------------------------------------------
This is setting a session state of "true", and I presume if sessions are
disabled for security reasons, that the site will redirect accordingly?
I am trying to create a very simple search functionality on my site. But I keep getting syntax error. Any one knows what I am doing wrong? Code:
View Replies View RelatedI'm pretty new to this and im in the process of developing a site for a wildlife photographer in ASP and i need to implement an image search on the site including the functionality to add images to a lightbox etc. And to be honest i just dont know where to start... been searching and currently still searching .....
View Replies View Relatedhow can you protect the .mdb that an asp page modifies? This must be open to all for modifications right? But how can it be hidden so people can't just download it if they guess the path?
View Replies View RelatedI'm trying to protect a directory from users not logged in.
Let say i'm trying to protect a direcory called files.
I only want the user to acces the files when they've logged in.
http://www.sitename.com/files/filename.doc
Even though they know the name and path i want to prevent people from downloading the files.
I don't want the user to be able to send out the link to another friend without logging in.
Is this possible i'm using a wiindows server.
how to protect any files inside a directory from unauthorized download?
View Replies View RelatedI have several PDF and MPG files I would like to provide to users to
download via HTTP. I also have a database of user accounts. I would like to
protect the PDF and MPG files so that users cannot "save target as" or "view
source" to directly link to the files.
My first thought is that I would have to remove anonymous access to these
files and/or their parent folder within IIS. I was thinking that I could
then create a Windows account called something like WebUsers and give it
access to that folder. I'm hoping to write some ASP code that authenticates
my users against my own database and, if successful, logs them into IIS via
the WebUsers account (so that all my users share the same account).
My problem is I cannot find an code or method or object to do this. Is there
some simple function that I can use to pass a username, pw, and domain to
IIS to authenticate the user that would then carry through for them to be
able to download non-ASP (PDF, etc.) content?
Ok, this is the setup:
I have archived PDFs, but I want to restrict access to them to members only. Right now, my members only site uses a session variable to log in users.
Is there anyway to set it up so that users cannot open the PDFs unless they're logged in???
The problem is the members only site is seperate from the site where the PDFs reside. That is, a user goes to mymagazines.com and searches for sometext, and a list of links pops up with all the relevant matches, mostly PDFs. This entire process, is free for all to use.
But when they actually click on the link to the PDF, I want them to log in to the members only site. Is there any way to do this?
I have a protected area for a personal portfolio, whereby a client will have login details, and have access this way. Because the work has been done within companies I have to hide this from the general public, due to stupid legal issues.
I have a download directory whereby files are linked. People cannot access the portfolio, however people can type a full path to say the downloads directory and grab a file this way.
Because this is not a managed area as such I am unsure how to disallow such a download or viewing of pdf files without a successful login. Perhaps this is something to do with the host.
let say a customer buy the pay version. there is a chances for him to give other people to install it n use..is there any way i can block it. 1 application only for 1 person / domain name. any suggestions on the coding part.
View Replies View Relatedi've developed an appliaction that i want to sell it to my client, but dont want him to reseller it, so is there any solfware or techniques that i can used to protect my asp source ?
View Replies View RelatedI'm selling asp softwares on the net and I would like to find a way of protecting these softwares with a key or something. Would you know any solution for that?
View Replies View RelatedI'm after a script that will allow me to password protect a page, but allow multiple users. IN that I mean I can have 5 people with different usernames/passwords who can all access the same page.
View Replies View RelatedI have a simple 2 page frameset that I am trying to protect using asp. I've
included the following code listed below at the top of each page including
the frameset page in an attempt to protect each page from unauthorized
access.
When I open any of the pages in the frameset individually, I am
presented with the proper login page as expected, however if I open them
thru the frameset page, redirection to my login page does not occur. Code:
I am working on a web site that uses ASP 3.0 with Microsoft SQL Server at the backend. ASP is used to query the database and fetch data and display it on the web page. I am seeking a technique that can protect my ASP pages from being downloaded.
What I mean by this is that when a visitor runs a search query on my site and the results are displayed on the web page with .asp extension I want to restrict the visitors from saving those pages on their hard drvies. Is there a technique to restrict visitors from saving .asp pages, or may be a 3rd party component that does this.
is it possible to protect ASP code in some way? Can it be compiled, or
otherwise protect the source somehow?
I have a small ASP application that has no OCXs (so there is nothing for the users to download, etc) and no DLLs (so nothing to register).
Currently, I only allow prospects to demo it online through my server and then they get the files (source code) when they purchase it.
What I would like to be able to do is allow them to trial it on their servers for a limited period, but I don't know how to protect my code from being seen, used (if they don't pay) or copied?
Can you please suggest the possible ways of doing this? I know that you can copy functions into a compiled DLL and then protect the DLL, but then I would have to run an install program to register the DLL, correct?
Is there anyway for me to make users enter an username and password in order to get access to download a pdf file.
I will have a list of valid usernames and passwords?
what is the best way to protect the connection strings keeping an effective, low overheaded access to them ?
I have one registration form with "submit" button. I don't know how to make protection from automatic submit (with picture and security code)?
View Replies View Related