[thelist] Data validation (Best Practice) - asp/sql server

Peter Brunone (EasyListBox.com) peter at easylistbox.com
Thu Nov 18 09:21:01 CST 2004


Hi Michael,

   Without knowing any more about that article, I'd say it's wrong.  If you wait until you're in the stored proc for validation, you're opening yourself up to SQL injection as well as involving more processes that don't need to be involved at that stage.  Besides, I found (back when I did a lot of "Classic" ASP) that validating in the page was a lot easier to do than trying to code it in TSQL (or any SQL, for that matter).

   Again, maybe that line is taken out of context, but since that's all I have here, I'd recommend ignoring that advice.

   For more ASP best practices (and other subject matter), you might want to consult the lists at http://www.aspfriends.com , since they have very specialized groups dedicated to various aspects of ASP.

Cheers,

Peter

 From: "Michael Pack" michaelpack at wvdhhr.org

Hi all, I'm back to collect some more information from all the gurus out there. This time around I'm curious about best practice for data validation. 

My current practice is to check against required fields before submit using JavaScript. I then add an additional line of defense for required fields with ASP conditional statements and perform all data validation through VBScript as well. If all checks out I run the transaction.

I became a bit curious yesterday when I ran into a "Best Practice for Validating User Input" article at MSDN that points out...

> Use stored procedures to validate user input.

I'm wondering about the cons and pros of using the database for validation versus VBScript?

Thanks for any information.
