i have used sql server as database my problem is how do the restricted special character and strange type of web url get inserted into the tables.?

Question

0.00/5 (No votes)

See more:

i have used sql server as database my problem is how do the restricted special character and strange type of web url get inserted into the tables. I have use javascript and ajax for restricting the front end text box. Is that some kind of hacking or sql Injection . Please help ?????

these are strange type of data that inserted into the database somehow ???

xFLDdgiulnxSqk

EkTnBfYFJxiDcjGLOBf

mark357177@hotmail.com

http://www.FyLitCl7Pf7kjQdDUOLQOuaxTXbj5iNG.com

C7F9qF http://www.FyLitCl7Pf7kjQdDUOLQOuaxTXbj5iNG.com

C7F9qF http://www.FyLitCl7Pf7kjQdDUOLQOuaxTXbj5iNG.com

Posted 31-Jan-16 17:02pm

Rohit kumar6210

Updated 31-Jan-16 17:23pm

Dave Kreskowiak

v2

Add a Solution

Comments

_Asif_ 1-Feb-16 1:15am

you need to sanitize your input parameters

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

RDBurmon · Answer 1 · 2016-01-31T19:32:00

I had encountered the same situation where dummy texts were getting inserted in my table even though, My script had input validations

From this case, I can say that you first need to identify that scenario where user is putting the wrong data but your JavaScript couldn't spot it (and allowing data to be inserted in the table)

Below are the few tips which you can try-

1) Try to input above text from your UI and monitor the table on each input.See where it fails
2) Run the SQL profiler while conducting the test#1
3) If you are using SQL proc to insert the data into table (you must use SQL Proc, good to avoid SQL injection) then insert all the parameters along with UserId (id of logged-in user) in to another log table. Spot the user entry where the dirty entries coming from. Connect with that user and understand which scenarios he/she is running
Try to debug your JavaScript for the same scenario

Hope this helps
RDBurmon