Simple user input sanitization

 

I am using Server.HttpEncode() , and HttpDecode() in order to sanitize user form input, as well as having the server throw an exception when a "potentially dangerous" input is detected.

(Data is then saved to an MSSQL database)

Is this considered enough to stop SQL / Javascript injection and similar?

No it doesn't prevent it at all. It is used more so to prevent XSS attacks as explained by Microsoft here. Read this Stackoverflow question for some ideas on preventing SQL injection.

Depending on the environment you are in, I would use a technology such as the Entity Framework or NHibernate which prevents SQL injection altogether, so you do not even have to worry about it.

可能,但几乎肯定不是。

链接地址: http://www.djcxy.com/p/21646.html

上一篇: 用Spring MVC框架消除用户输入

下一篇: 简单的用户输入消毒