[devtalk] ASP help
Robert Hoenig
rhoenig at hoenigcomputers.com
Mon Oct 26 13:01:34 GMT 2009
I would suggest using a store procedure to do the work. This would fix your
sql injection problems as it's much harder to inject SQL into a store proc.
-----Original Message-----
From: devtalk-bounces at lists.preshweb.co.uk
[mailto:devtalk-bounces at lists.preshweb.co.uk] On Behalf Of Portman
Sent: Monday, October 26, 2009 7:56 AM
To: Web Developers List
Subject: [devtalk] ASP help
Hi all,
Does anyone out there know ASP? I don't know it (been giving myself a crash
course) and am trying to help someone fix a problem on their website. The
main problem is that the page is supposed to check, when someone signs up
for a newsletter, if they are already in the database.
If not, it adds them to the database. The code is rejecting every email
address, saying that it is already in the database.
This website was attacked repeatedly by SQL injection attacks and I tried my
best to prevent that from the little that I have learned. Now the newsletter
emails are being rejected (out of the blue) and I have no idea why or how to
go around it. I don't want to use JavaScript because the attacks get through
that. Any ideas would be REALLY appreciated.
TIA,
Riva
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.preshweb.co.uk/pipermail/devtalk/attachments/20091026/42107184/
attachment.htm
_______________________________________________
devtalk mailing list
devtalk at lists.preshweb.co.uk
http://lists.preshweb.co.uk/mailman/listinfo/devtalk
More information about the devtalk
mailing list