boywonder381
Joined: 30 May 2019 Posts: 3
Posted: Thu May 30, 2019 2:44 pm Post subject: SQL Injection
I'm having problems trying to set up SQL injection feature. I'm using 2 pages, one for the query and one for the connection. Here is my query:
<%
msg = "select P.txtAp, P.txtLevel1, P.txtPromotionGroup, P.intGroup, P.txtLevel3 , C.txtCode, ISNULL(P.curBudget, 0) as curBudget, P.ysnSurvey, "
msg = msg & " convert(date, dtmExpir 101) as dtmExpir, convert(date, dtmSubm, 101) as dtmSubm"
msg = msg & " from tblApps P inner join tblCodes C on P.txtApp = C.txtApps "
msg = msg & " where P.ynactive = 1 AND P.txtApps = ? "
%>
<!--#include file="vb/connlogin.asp"-->
<%
Here is the connlogin.asp file with the connection setup:
<%
db_computer = db_computer
db_id = db_id
connstr = "Driver={SQL Server}; SERVER=" & db_computer & "; DATABASE=" & db_id &"; UID=" & db_userid & "; PWD="& db_userpw
getProgID = ProtectSQL(request.QueryString("f"))
Set oConn = server.CreateObject("ADODB.Connection")
oConn.Open connstr
oConn.Prepared = true
oConn.commandtext=msg
oConn.Parameters.Append oConn.CreateParameter("@myProgID", adInteger, adParamInput, , getProgID)
set rst = oConn.execute
%>
What am I doing wrong?
_________________
boywonderrrr
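Added example, not part of the thread and not the poster's eventual fix (which the thread never shows): in ADO, `Prepared`, `CommandText`, `Parameters` and `CreateParameter` are members of `ADODB.Command`, not `ADODB.Connection`, so a parameterized query is built on a Command object bound to the open connection. Assumptions: `db_computer`, `db_id`, `db_userid` and `db_userpw` are set elsewhere as in the post, the query is a shortened form of the posted one, and `txtApps` is taken to be a `varchar(50)` column.

```vbscript
<%
' Added example, not the poster's code.
' VBScript does not know the ADO constants unless adovbs.inc or the ADO
' type library is referenced, so the ones used here are declared inline.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200

Dim connstr, msg, appCode, oConn, oCmd, rst

' db_computer, db_id, db_userid, db_userpw: assumed to be defined elsewhere.
connstr = "Driver={SQL Server}; SERVER=" & db_computer & "; DATABASE=" & db_id & _
          "; UID=" & db_userid & "; PWD=" & db_userpw

' Shortened form of the posted SELECT, with a single "?" marker.
msg = "select C.txtCode from tblApps P inner join tblCodes C on P.txtApp = C.txtApps " & _
      "where P.ynactive = 1 AND P.txtApps = ?"

' Reject missing or oversized input before it reaches the database layer.
appCode = Trim(Request.QueryString("f") & "")
If Len(appCode) = 0 Or Len(appCode) > 50 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open connstr

' The statement and its parameters live on a Command object.
Set oCmd = Server.CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.CommandType = adCmdText
oCmd.CommandText = msg
oCmd.Prepared = True
' Assumption: varchar(50). "?" markers are bound by position, so the
' parameter name is only a label. The value is sent as data, never as SQL.
oCmd.Parameters.Append oCmd.CreateParameter("@app", adVarChar, adParamInput, 50, appCode)

Set rst = oCmd.Execute
If rst.EOF Then
    Response.Write "No matching rows"
Else
    Do Until rst.EOF
        ' Encode on output so stored values cannot inject markup.
        Response.Write Server.HTMLEncode(rst("txtCode") & "") & "<br>"
        rst.MoveNext
    Loop
End If

rst.Close : oConn.Close
Set rst = Nothing : Set oCmd = Nothing : Set oConn = Nothing
%>
```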
admin Site Admin
Joined: 03 Mar 2002 Posts: 1327
Posted: Fri May 31, 2019 5:27 pm Post subject: Re: SQL Injection
This is a coding question about ASP. And without context or a clear description of the issue, it would be difficult to help.
_________________
Forum Administrator
Aprelium - https://aprelium.com
boywonder381
Joined: 30 May 2019 Posts: 3
Posted: Mon Jun 03, 2019 8:13 pm Post subject:
The issue is that it does not generate an error nor does it show the data from the query by using the ?.
_________________
boywonderrrr
admin Site Admin
Joined: 03 Mar 2002 Posts: 1327
Posted: Tue Jun 04, 2019 3:12 pm Post subject:
boywonder381 wrote: "The issue is that it does not generate an error nor does it show the data from the query by using the ?."
It is very hard to help with such programming errors when the program/script executes without any complaint but does not do what you want.
It is probably better to check with a friend or colleague and have a second look at the program/script. Sometimes, a fresh look can help detect errors that went unnoticed by the original developer.
_________________
Forum Administrator
Aprelium - https://aprelium.com
boywonder381
Joined: 30 May 2019 Posts: 3
Posted: Fri Sep 27, 2019 9:05 pm Post subject: This is fixed
Don't worry I fixed it...
_________________
boywonderrrr