[thelist] Website Hacked?
Anthony Baratta
anthony at baratta.com
Sat May 24 17:43:38 CDT 2008
Chris Anderson wrote:
>> Thanks Anthony. I am checking so that when someone requests a store -
>> ie. Store.asp?id=300 - if it's not a numeric value then they will get
>> redirected to the home page. However, I'm raw on how they could actually
>> get data
>
>
> How do you check it's numeric?
> In the past, I've seen library routines that check for numerics just
> check for the possibility of it being converted to an integer - and
> would consider "300;DROP DATABASE foo" as being numeric, because it can
> be converted to a number by just ignoring the right-hand side.
There are multiple ways to check and ensure you have a numeric as the
end result.
ASP: isNumeric(sString)

C#:

    bool bTruth;
    try
    {
        // float.Parse throws if sNumber cannot be converted to a number
        float valNumber = float.Parse(sNumber);
        bTruth = true;
    }
    catch
    {
        bTruth = false;
    }

etc.....
--
Anthony Baratta
In order to live free and happily,
you must sacrifice boredom.
It is not always an easy sacrifice.
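
The following is an added example, not part of the original message. It compares a float-based check like the one above with a stricter digits-only check for the Store.asp?id= value, since a float parse also accepts inputs such as "1e3", "3.5" or " 300 " that are not valid integer ids. The names StoreIdCheck, ParsesAsFloat and TryParseStoreId are hypothetical, the sample inputs are constructed, and it assumes store ids are positive 32-bit integers.

```csharp
using System;
using System.Globalization;

static class StoreIdCheck
{
    // Lenient check, same shape as the float.Parse snippet in the message.
    static bool ParsesAsFloat(string s)
    {
        try { float.Parse(s, CultureInfo.InvariantCulture); return true; }
        catch (FormatException) { return false; }
        catch (OverflowException) { return false; }
        catch (ArgumentNullException) { return false; }
    }

    // Strict check: NumberStyles.None permits digits only, so signs,
    // whitespace, decimal points, exponents and trailing text are rejected.
    // Assumption: a valid store id is a positive Int32.
    static bool TryParseStoreId(string s, out int id)
    {
        return int.TryParse(s, NumberStyles.None,
                            CultureInfo.InvariantCulture, out id) && id > 0;
    }

    static void Main()
    {
        // Constructed sample values for the "id" query-string parameter.
        string[] samples = { "300", "300;DROP DATABASE foo", " 300 ",
                             "1e3", "3.5", "-1", "NaN", "", null };

        foreach (string s in samples)
        {
            int id;
            bool strict = TryParseStoreId(s, out id);
            Console.WriteLine("{0,-26} float.Parse={1,-5} strict={2,-5} id={3}",
                s == null ? "(null)" : "\"" + s + "\"",
                ParsesAsFloat(s), strict, strict ? id.ToString() : "-");
        }
    }
}
```

Use the parsed int from TryParseStoreId in the query (ideally as a bound parameter) rather than the original string, so nothing from the request reaches the SQL text unparsed.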