[thelist] Data validation (Best Practice) - asp/sql server

Michael Pack michaelpack at wvdhhr.org
Thu Nov 18 09:44:25 CST 2004


Thanks for the info Peter! FYI - The article can be found at
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/bldgapps/ba_highprog_11kk.asp>.
It claims best practice for data validation for SQL Server 2000
applications. Please let me know if I am not understanding the context.

Thanks.
 

>>> "Peter Brunone (EasyListBox.com)" <peter at easylistbox.com>
11/18/2004 10:21:01 AM >>>

Hi Michael,

   Without knowing any more about that article, I'd say it's wrong.  If
you wait until you're in the stored proc for validation, you're opening
yourself up to SQL injection as well as involving more processes that
don't need to be involved at that stage.  Besides, I found (back when I
did a lot of "Classic" ASP) that validating in the page was a lot easier
to do than trying to code it in TSQL (or any SQL, for that matter).

   Again, maybe that line is taken out of context, but since that's all
I have here, I'd recommend ignoring that advice.

   For more ASP best practices (and other subject matter), you might
want to consult the lists at http://www.aspfriends.com , since they have
very specialized groups dedicated to various aspects of ASP.

Cheers,

Peter

From: "Michael Pack" michaelpack at wvdhhr.org

Hi all, I'm back to collect some more information from all the gurus
out there. This time around I'm curious about best practice for data
validation. 

My current practice is to check against required fields before submit
using javascript. I then add an additional line of defense for required
fields with ASP conditional statements and perform all data validation
through vbscript as well. If all checks out I run the transaction.

I became a bit curious yesterday when I ran into a "Best Practice for
Validating User Input" article at MSDN that points out...

*> Use stored procedures to validate user input.

I'm wondering the cons and pros of using the database for validation
versus vbscript?

Thanks for any information.

-- 

* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 
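
The two layers discussed in this thread, server-side checks in the ASP page followed by a stored procedure call, can be combined as in the following added example (not code from any of the posters or from the MSDN article). The form fields `email` and `age`, the procedure `dbo.AddSubscriber` and the `Application("ConnStr")` connection string are hypothetical names chosen for illustration.

```vbscript
<%
Option Explicit
' Added example. Hypothetical names: form fields "email" and "age",
' stored procedure dbo.AddSubscriber, connection string in Application("ConnStr").

' ADO constants (values from adovbs.inc)
Const adCmdStoredProc = 4
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Allow-list check for the e-mail field: length limit plus a strict pattern.
Function IsValidEmail(ByVal s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsValidEmail = (Len(s) > 0 And Len(s) <= 100 And re.Test(s))
End Function

' Numeric check: digits only first, then a range test after conversion.
Function IsValidAge(ByVal s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}$"
    IsValidAge = False
    If re.Test(s) Then IsValidAge = (CLng(s) >= 13 And CLng(s) <= 120)
End Function

Dim email, age, cmd
email = Trim(Request.Form("email"))
age = Trim(Request.Form("age"))

' Server-side validation runs even if the client-side JavaScript was bypassed.
If Not (IsValidEmail(email) And IsValidAge(age)) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid input."
    Response.End
End If

' Values travel as typed parameters and are never concatenated into SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdStoredProc
cmd.CommandText = "dbo.AddSubscriber"
cmd.Parameters.Append cmd.CreateParameter("@Email", adVarChar, adParamInput, 100, email)
cmd.Parameters.Append cmd.CreateParameter("@Age", adInteger, adParamInput, , CLng(age))
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```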

