I have a signup form and I want to be careful with information that is entered so I'm thinking that I should take these steps.
1. Retrieve the form elements and set them to variables, then replace each apostrophe in the variables with two single apostrophes.
2. Next, check for any SQL injection characters or phrases.
3. Use Server.HtmlEncode when inserting values into the database.
How does that sound? Am I missing anything?
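The three steps above can be tried out against a real database to see where each one holds and where it breaks. The following is an added example, not code from the poster; the post targets ASP.NET (Server.HtmlEncode), but the example uses Python's built-in sqlite3 module so it runs anywhere, and the same technique maps one-to-one onto ADO.NET's SqlParameter. The table, the sample rows and the function names (make_db, find_by_age_concat, render_username, and so on) are all constructed for this example.

```python
"""Apostrophe doubling vs. blocklists vs. parameterized queries.

Constructed demo: an in-memory SQLite table with three sample users.
"""
import html
import sqlite3

# A naive blocklist of the kind "check for SQL injection phrases" implies
BLOCKLIST = ("select", "union", "drop", "--", ";", "or 1=1")


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, age INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, age) VALUES (?, ?)",
        [("alice", 30), ("bob", 41), ("o'neil", 25)],
    )
    conn.commit()
    return conn


def escape_apostrophes(value: str) -> str:
    """Step 1 of the post: double every single quote."""
    return value.replace("'", "''")


def looks_like_injection(value: str) -> bool:
    """Step 2 of the post: a keyword blocklist. Easy to bypass, and it
    rejects harmless text that happens to contain a keyword."""
    lowered = value.lower()
    return any(token in lowered for token in BLOCKLIST)


def find_by_name_concat(conn: sqlite3.Connection, name: str) -> list:
    """String concatenation inside quotes. Doubling apostrophes does keep
    the input inside the string literal here, so this one happens to work."""
    sql = "SELECT username FROM users WHERE username = '" + escape_apostrophes(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_age_concat(conn: sqlite3.Connection, age_text: str) -> list:
    """Same approach on a numeric column: there is no quote to escape, so
    the input is spliced straight into the SQL grammar."""
    sql = "SELECT username FROM users WHERE age = " + escape_apostrophes(age_text)
    return [row[0] for row in conn.execute(sql)]


def find_by_age_param(conn: sqlite3.Connection, age_text: str) -> list:
    """Parameterized query: the input is bound as a value, never parsed
    as SQL, whatever characters it contains."""
    rows = conn.execute("SELECT username FROM users WHERE age = ?", (age_text,))
    return [row[0] for row in rows]


def find_by_name_param(conn: sqlite3.Connection, name: str) -> list:
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (name,))
    return [row[0] for row in rows]


def insert_user_html_encoded(conn: sqlite3.Connection, username: str, age: int) -> None:
    """Step 3 of the post: HTML-encode before storing. The stored value no
    longer equals what the user typed, so later lookups and non-HTML
    consumers (emails, CSV exports, APIs) see mangled data."""
    conn.execute(
        "INSERT INTO users (username, age) VALUES (?, ?)", (html.escape(username), age)
    )


def insert_user(conn: sqlite3.Connection, username: str, age: int) -> None:
    """Store the raw value; parameters make that safe for the database."""
    conn.execute("INSERT INTO users (username, age) VALUES (?, ?)", (username, age))


def render_username(name: str) -> str:
    """Encode at the point of output, for the output context (HTML here)."""
    return "<span>" + html.escape(name) + "</span>"


if __name__ == "__main__":
    db = make_db()
    print(find_by_name_concat(db, "o'neil"))          # doubling works inside quotes
    print(looks_like_injection("1 OR 1=1"))           # caught by the blocklist
    print(looks_like_injection("1 OR 2=2"))           # not caught
    print(find_by_age_concat(db, "1 OR 2=2"))         # returns every user
    print(find_by_age_param(db, "1 OR 2=2"))          # returns nothing
    insert_user_html_encoded(db, "d'arcy", 20)
    print(find_by_name_param(db, "d'arcy"))           # [] : stored as d&#x27;arcy
    insert_user(db, "d'arcy", 20)
    print(render_username(find_by_name_param(db, "d'arcy")[0]))
```

The takeaway the three functions illustrate: doubling apostrophes only protects inputs that land inside a quoted string literal, a blocklist is both bypassable and prone to false positives, and HTML encoding belongs at the point where data is written into an HTML page, not at the point where it is written into the database. Parameterized queries (SqlParameter in ADO.NET, `?` placeholders in sqlite3) replace steps 1 and 2 entirely.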