john smith wrote:
> VB Programmer wrote:
> > Using ASP.NET 2.0/SQL Express....
> >
> > In places where I allow data input by users (sign up forms, comments,
> > etc...) do I need to manually safeguard my site against vicious attacks (SQL
> > injection, etc...)? Should I just run all input thru a filter that removes
> > all special characters, like asterick, semicolon, etc...? Or, is this
> > handled internally so I don't have to worry about it? Any suggestions?
> >
> > Thanks.
> >
> >
>
> It depends... You can validate your form entries with regular
> expressions (client side AND server side) and the like. Other than that,
> the main thing is using parameterized queries - *NOT* string
> concatenation to make your SQL queries (that's really asking for
> trouble). That would be a good start :) ASP.NET also does protect you to
> some extent.

VB Programmer wrote:
> Using ASP.NET 2.0/SQL Express....
>
> In places where I allow data input by users (sign up forms, comments,
> etc...) do I need to manually safeguard my site against vicious attacks (SQL
> injection, etc...)? Should I just run all input thru a filter that removes
> all special characters, like asterick, semicolon, etc...? Or, is this
> handled internally so I don't have to worry about it? Any suggestions?
>
> Thanks.
>
>

"VB Programmer" <dont@emailme.com> wrote in message
news:eGdttg6JGHA.916@TK2MSFTNGP10.phx.gbl...
> Using ASP.NET 2.0/SQL Express....
>
> In places where I allow data input by users (sign up forms, comments,
> etc...) do I need to manually safeguard my site against vicious attacks
> (SQL injection, etc...)? Should I just run all input thru a filter that
> removes all special characters, like asterick, semicolon, etc...? Or, is
> this handled internally so I don't have to worry about it? Any
> suggestions?
>
> Thanks.
>