[thelist] Website Hacked?

Anthony Baratta anthony at baratta.com
Sat May 24 17:43:38 CDT 2008


Chris Anderson wrote:
>> Thanks Anthony.  I am checking so that when someone requests a store -
>> i.e. Store.asp?id=300 - if it's not a numeric value then they will get
>> redirected to the home page.  However, I'm raw on how they could actually
>> get data
> 
> 
> How do you check it's numeric?
> In the past, I've seen library routines that check for numerics just
> check for the possibility of it being converted to an integer - and
> would consider "300;DROP DATABASE foo" as being numeric, because it can
> be converted to a number by just ignoring the right-hand side.

There are multiple ways to check and ensure you have a numeric as the 
end result.

ASP: isNumeric(sString)

C#:
             // Returns true when float.Parse accepts the string as a number.
             static bool IsNumeric(string sNumber)
             {
                 bool bTruth;
                 try
                 {
                     float valNumber = float.Parse(sNumber);
                     bTruth = true;
                 }
                 catch
                 {
                     bTruth = false;
                 }
                 return bTruth;
             }

etc.....


--
Anthony Baratta

In order to live free and happily,
you must sacrifice boredom.
It is not always an easy sacrifice.
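Added example (not code from the thread or from either poster): the loose float.Parse check described above, placed beside a strict parse for a Store.asp?id=... parameter. The class name StoreIdCheck, the helper names and the sample query-string values are all constructed for this example. The point it shows is that "float.Parse does not throw" is a weaker test than "this is a store id": float.Parse(string) defaults to NumberStyles.Float | NumberStyles.AllowThousands, so whitespace, a sign, a decimal point, exponent notation and group separators all pass, and if the raw string (rather than the parsed value) is then pasted into the SQL, inputs such as 1e3 or 3,000 reach the database unchanged. VBScript's IsNumeric is similarly generous (signs, decimals, exponent notation), so the same caveat applies to the ASP check.

```csharp
using System;
using System.Globalization;

public static class StoreIdCheck
{
    // The check as posted: "numeric" means float.Parse does not throw.
    // InvariantCulture is passed here only so the demo behaves the same on
    // every machine; the original relies on the current culture.
    public static bool IsNumericLoose(string sNumber)
    {
        try
        {
            float.Parse(sNumber, CultureInfo.InvariantCulture);
            return true;
        }
        catch (FormatException) { return false; }
        catch (OverflowException) { return false; }
        catch (ArgumentNullException) { return false; }
    }

    // Strict check for an id column: ASCII digits only (no sign, space,
    // decimal point, exponent or separators), short enough to fit an int,
    // and positive. The caller uses the parsed int, never the raw string.
    public static bool TryParseStoreId(string sNumber, out int id)
    {
        id = 0;
        if (string.IsNullOrEmpty(sNumber) || sNumber.Length > 9)
            return false;
        return int.TryParse(sNumber, NumberStyles.None,
                            CultureInfo.InvariantCulture, out id)
               && id > 0;
    }

    public static void Main()
    {
        // Constructed sample values of the id query-string parameter.
        string[] samples =
        {
            "300", "300;DROP DATABASE foo", "300.5", "1e3", " 300 ",
            "-300", "3,000", "99999999999", "",
        };

        foreach (string s in samples)
        {
            bool loose = IsNumericLoose(s);
            bool strict = TryParseStoreId(s, out int id);
            Console.WriteLine("{0,-26} loose={1,-5} strict={2,-5} id={3}",
                              "\"" + s + "\"", loose, strict, strict ? id : 0);
        }

        // Only the parsed int should ever reach the database, and then as a
        // parameter rather than by string concatenation, e.g.
        //   cmd.CommandText = "SELECT ... FROM Stores WHERE StoreID = @id";
        //   cmd.Parameters.AddWithValue("@id", id);
    }
}
```

Running Main prints one line per sample: the injection string fails both checks, but "300.5", "1e3", " 300 ", "-300" and "3,000" pass the loose check and fail the strict one. Redirecting to the home page when TryParseStoreId returns false, and binding the resulting int as a query parameter, covers both the "is it a number" question and the "what exactly goes into the SQL" question.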


