
Making a database spiderable

ms sql database


Roxster

3:37 pm on Apr 16, 2007 (gmt 0)


My web developer uses asp.net and my database was spiderable, but scanalert says it is a SQL injection vulnerability when I do it. Rather than having a drop down I had links that pass values through the url. Is there a way to do this without risking SQL vulnerability?

Ocean10000

8:54 pm on Apr 16, 2007 (gmt 0)


<Rant>
Secure Programming Basics
Any data supplied by a user should be validated and cleaned before use and display. This includes form & query string variables that can be changed by a user, which is just about everything supplied by the browser or bot.
</Rant>

Now with that being said, what the vulnerability scanner is saying is that you are probably displaying data that has not been escaped for display in the webpage from the query string parameter. Having data that is unescaped from the query string is a cross site scripting vulnerability.

Related Links
Stop SQL Injection [msdn.microsoft.com]

Anti-Cross Site Scripting Library [msdn2.microsoft.com]
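As an added example (not code from this thread or from the linked articles), here is the validate-and-clean advice above applied to the setup in the original post: an ASP.NET Web Forms page in C# that takes a record id from a link's query string, rejects anything that is not a positive integer, passes the value to SQL Server as a typed parameter instead of pasting it into the SQL text, and HTML-encodes the result before writing it to the page. Assumed names: a Products table with Id, Name and Description columns, a MainDb connection string in web.config, and a Literal control called Output.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

// Assumed page: Product.aspx?id=123 (table, connection string and control names are hypothetical).
public partial class Product : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // 1. Validate: the id must be a positive integer, so no free-form text
        //    from the URL ever reaches the SQL text or the rendered page.
        int id;
        string raw = Request.QueryString["id"];
        if (!int.TryParse(raw, out id) || id <= 0)
        {
            Response.StatusCode = 400;
            Output.Text = "Invalid product id.";
            return;
        }

        // 2. Parameterize: the value travels as a SqlParameter of type int.
        //    Concatenating raw into the query string is the pattern scanners flag.
        string connStr = ConfigurationManager.ConnectionStrings["MainDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Name, Description FROM Products WHERE Id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    Response.StatusCode = 404;
                    Output.Text = "No such product.";
                    return;
                }
                // 3. Encode on output: database values are HTML-encoded before
                //    display, which addresses the cross-site scripting side.
                //    Convert.ToString turns a DBNull column into an empty string.
                Output.Text = "<h1>" + HttpUtility.HtmlEncode(Convert.ToString(reader["Name"])) + "</h1>"
                            + "<p>" + HttpUtility.HtmlEncode(Convert.ToString(reader["Description"])) + "</p>";
            }
        }
    }
}
```

The same three steps apply to a drop-down or any other form field, since the browser can submit any value regardless of which control the page offered.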