Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

server.htmlencode sql injection

Status
Not open for further replies.

Cullen411

Programmer
Aug 17, 2005
89
GB
should I use both server.htmlencode and an SQL injection protection function for every text field and textarea that a visitor can enter info into?
An example would be a user registration form
 
I'm not sure it would be necessary to use HTMLEncode, it would depend on what you plan to do with the text I'd guess.
Definately do SQL injection protection on all your form fields before using them in a SQL statement. Any form value could be spoofed. So make sure you validate lengths and such as well, besides escaping special characters.

barcode_1.gif
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top