need bullet proof input validator

Mike Brind

Dave Anderson said:
Well, it certainly is relevant to my point. I had already recommended
parameterized stored procedures, and was merely making the point that,
since I know little about Access (other than the fact that it does not
have SPs), I could not offer a suggestion. I made that knowing full well
that concatenation is the problem.

It's not relevant to preventing SQL injection in Access/SQL Server. You
can use the Command object and parameter markers in your ASP page. No need
for stored procs/saved queries at all.
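
The approach described in the post above, a Command object with a parameter marker against an Access database, as an added example that is not part of the original thread. The database path, the Users table, its columns and the "username" form field are hypothetical.

```vbscript
<%
Option Explicit

' ADO constants (values as defined in adovbs.inc), declared here
' so the page does not depend on an include file.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const MAX_NAME_LEN = 50   ' assumed width of the hypothetical UserName column

Dim conn, cmd, rs, userName

' Untrusted input. It is capped to the parameter size but is never
' concatenated into the SQL text.
userName = Left(Trim(Request.Form("username") & ""), MAX_NAME_LEN)

' Hypothetical database location.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
          Server.MapPath("/data/site.mdb")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' The ? is a parameter marker. The provider binds the value as data,
' so quotes, semicolons or "<%" in the input cannot change the query.
cmd.CommandText = "SELECT UserID, DisplayName FROM Users WHERE UserName = ?"
cmd.Parameters.Append cmd.CreateParameter("@UserName", adVarWChar, _
                                          adParamInput, MAX_NAME_LEN, userName)

Set rs = cmd.Execute

If rs.EOF Then
    Response.Write "No such user."
Else
    ' HTML-encode on output so markup characters in stored data render as text.
    Response.Write Server.HTMLEncode(rs("DisplayName") & "")
End If

rs.Close : Set rs = Nothing
Set cmd = Nothing
conn.Close : Set conn = Nothing
%>
```

The Jet provider binds parameters by position, so the parameter name is only a label; with several markers, append the parameters in the same order as the ? markers appear.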
 
Victor

Well, the only reason why someone would put "%>" or "<%" in an input string is because
they are a baddie, so you'll want to ban their IP with extreme prejudice because it
makes good sense to do so.
 
Dave Anderson

Victor said:
Well, the only reason why someone would put "%>" or "<%" in an
input string is because they are a baddie, so you'll want to ban
their IP with extreme prejudice because it makes good sense to
do so.

Hypocrite.
 
Dave Anderson

Victor said:

"Hypocrite" is germane to the discussion because it directly addresses the
fact that you used both "<%" and "%>" while asserting there was no
legitimate justification for doing so. "Cupcake" is off-topic.
 
Victor

"Hypocrite" is germane to the discussion because it directly addresses the
fact that you used both "<%" and "%>" while asserting there was no
legitimate justification for doing so. "Cupcake" is off-topic.

Hey, Dave, unless you haven't noticed I'm not typing this into a form field where there
is no justifiable reason for those delimiters, I'm typing it into a newsgroup where
there is a justifiable reason for the delimiters.

And "Cupcake" is perfectly on-topic for your behavior, bucko.
 
Dave Anderson

Victor said:
Hey, Dave, unless you haven't noticed I'm not typing this into
a form field where there is no justifiable reason for those
delimiters, I'm typing it into a newsgroup where there is a
justifiable reason for the delimiters.

So you believe such strings are not legitimate uses for users who post to
this group via web interfaces?


And "Cupcake" is perfectly on-topic for your behavior, bucko.

How, exactly, does it relate to "need bullet proof input validator"?
 
SLH

don't you all just love these battles of wits from people with way too much
time on their hands?
hey while we're at it why don't we discuss the pros and cons of bottom or top
posting?
and why it's fine for millions to top post in email, but when it comes to a
newsgroup conversation
it somehow becomes way too complicated to scroll to the bottom and read up!
LOL

or howzabout the REAL old timers that get all bent when you post html
content to a newsgroup? now there's a funny one.
since there's not a server or client on the planet that has a problem with
html for the past 200 years!

people make me laugh
 
Mike Brind

Victor said:
...

Hey, Dave, unless you haven't noticed I'm not typing this into a form field where there
is no justifiable reason for those delimiters, I'm typing it into a newsgroup where
there is a justifiable reason for the delimiters.

If you had used Google groups or any of the other web interfaces to
Usenet rather than OE, and they subscribed to your suggested policy,
you wouldn't have been able to do so.
 
Mike Brind

SLH said:
Access does in fact have stored procedures.

Access does NOT in fact have stored procedures. It has saved queries.
Stored procedures are something else entirely.
 
SLH

ah yes... luckily for me you have a serious OCD problem and couldn't let that
go, even though you knew EXACTLY what I meant.
 
Mike Brind

ah yes... luckily for me you have a serious OCD problem and couldn't let
that go, even though you knew EXACTLY what I meant.

Oh, please. Get over yourself.

I corrected your factual inaccuracy for the benefit of others who come to
this group genuinely interested in learning something. They might not know
EXACTLY what you mean.

That kind of correction goes on all the time in this group, and other
technical groups where accuracy in terminology is important. No one else
gets touchy about it.
 
Victor

ah yes... luckily for me you have a serious OCD problem and couldn't let that
go, even though you knew EXACTLY what I meant.

If you can't behave like a professional, SLH, you have no business being on this group.
 
