Nowadays, a bad or unoptimized SQL query can easily be compromised or attacked. However, you can try to reduce or prevent (don't say avoid, it is not possible, keke) SQL injection through your expression rules.
If you are using IIS as your web server, you can use a regular expression in a rewrite rule to reduce SQL injection.
```
[dD][\%]*[eE][\%]*[cC][\%]*[lL][\%]*[aA][\%]*[rR][\%]*[eE][\s\S]*[@][a-zA-Z0-9_]+[\s\S]*[nN]*[\%]*[vV][\%]*[aA][\%]*[rR][\%]*[cC][\%]*[hH][\%]*[aA][\%]*[rR][\s\S]*[eE][\%]*[xX][\%]*[eE][\%]*[cC][\s\S]*
```
The full web.config file will look as below.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Filter SQL injection" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{REQUEST_URI}" pattern="[dD][\%]*[eE][\%]*[cC][\%]*[lL][\%]*[aA][\%]*[rR][\%]*[eE][\s\S]*[@][a-zA-Z0-9_]+[\s\S]*[nN]*[\%]*[vV][\%]*[aA][\%]*[rR][\%]*[cC][\%]*[hH][\%]*[aA][\%]*[rR][\s\S]*[eE][\%]*[xX][\%]*[eE][\%]*[cC][\s\S]*" />
          </conditions>
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```
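Before deploying the rule, it helps to check what the pattern aborts and what it lets through, including legitimate traffic it would block. The following is an added example, not part of the original post: it runs the page's pattern in JavaScript as a stand-in for URL Rewrite's ECMAScript pattern syntax (an assumption that the two engines agree on this pattern), and the sample URIs and the names `wouldAbort`, `report` and `SAMPLES` are constructed for illustration.

```javascript
// Added example: exercise the page's pattern against constructed request URIs.
// Pattern copied verbatim from the rule's <add input="{REQUEST_URI}" pattern="..." />.
const SQLI_PATTERN = new RegExp(String.raw`[dD][\%]*[eE][\%]*[cC][\%]*[lL][\%]*[aA][\%]*[rR][\%]*[eE][\s\S]*[@][a-zA-Z0-9_]+[\s\S]*[nN]*[\%]*[vV][\%]*[aA][\%]*[rR][\%]*[cC][\%]*[hH][\%]*[aA][\%]*[rR][\s\S]*[eE][\%]*[xX][\%]*[eE][\%]*[cC][\s\S]*`);

// Constructed sample URIs (hypothetical paths, not taken from real traffic).
const SAMPLES = [
  { uri: "/item.asp?id=5;DECLARE%20@s%20VARCHAR(10);EXEC(@s)",
    note: "DECLARE ... @var ... VARCHAR ... EXEC sequence the rule targets" },
  { uri: "/item.asp?id=5;DE%CLARE%20@s%20VAR%CHAR(10);EX%EC(@s)",
    note: "same sequence with % between keyword letters, allowed by [\\%]*" },
  { uri: "/item.asp?id=5;declare%20@s%20nvarchar(10);exec(@s)",
    note: "lowercase NVARCHAR variant, covered by [nN]* and the case classes" },
  { uri: "/products.aspx?category=books&page=2",
    note: "ordinary request, must pass" },
  { uri: "/search.aspx?q=how+to+declare+@name+as+varchar+and+exec+a+proc",
    note: "legitimate search text that the rule also aborts (false positive)" },
  { uri: "/docs.aspx?topic=exec+sp_help",
    note: "EXEC alone without the DECLARE/@var/VARCHAR prefix, passes" },
];

// True when the rule's condition matches, i.e. IIS would abort the request.
function wouldAbort(requestUri) {
  return SQLI_PATTERN.test(requestUri);
}

// Classify every sample so the result can be reviewed or asserted on.
function report(samples) {
  return samples.map((s) => ({ ...s, aborted: wouldAbort(s.uri) }));
}

for (const r of report(SAMPLES)) {
  console.log(`${r.aborted ? "ABORT" : "pass "}  ${r.uri}\n       ${r.note}`);
}
```

The fifth sample shows the cost of the rule: any URL that happens to contain the same keyword sequence is aborted, so run real access-log URIs through the same check before enabling it. The rule narrows what reaches the application through the URL; parameterized queries in the application code remain the actual fix.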




