asidana
16 years ago
Hi, I'm new to ASP.NET and I have noticed that YAF does not escape chars like ' from user inputs. Isn't this dangerous? Am I missing something? I can see it uses stored procedures, but is that safe enough?
test2005
16 years ago
ASP.NET automatically protects from "potentially dangerous requests" through the validateRequest setting. You can set this (validateRequest="false/true") in the page directive, web.config or machine.config, but I suggest you DON'T!! It defaults to true, leave it!

If you're extremely worried, write your own function to strip out any characters you feel are evil and deserve to die. However, don't expect SQL sprocs or command texts to work!

And, as always, don't forget the sunscreen!

:)


.....the man in black fled across the desert..........and the gunslinger followed.....
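
Added example (not part of the thread and not YAF's own code): a stored procedure call that passes user input as a typed parameter, next to the concatenated form where a ' in the input changes the SQL text. The procedure name `demo_user_find`, the `@UserName` parameter and the sample input are hypothetical; the code assumes `System.Data.SqlClient` is available, only builds the commands, and opens no database connection.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class SprocParameterDemo
{
    // UNSAFE pattern: the input is spliced into the SQL text, so a ' in the
    // input ends the string literal and the remainder is parsed as SQL.
    static SqlCommand BuildConcatenated(string userName)
    {
        return new SqlCommand("EXEC demo_user_find '" + userName + "'");
    }

    // Safe pattern: the SQL text is only the procedure name. The input is
    // sent as a typed parameter value and is never parsed as SQL, so no
    // quote escaping is needed.
    static SqlCommand BuildParameterized(string userName)
    {
        var cmd = new SqlCommand("demo_user_find"); // hypothetical procedure
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 255).Value = userName;
        return cmd;
    }

    static void Main()
    {
        string input = "O'Brien"; // constructed sample input containing a quote

        using (SqlCommand bad = BuildConcatenated(input))
        using (SqlCommand good = BuildParameterized(input))
        {
            // The quote becomes part of the statement text here.
            Console.WriteLine("concatenated text : " + bad.CommandText);

            // Here the text stays fixed and the quote travels as data.
            Console.WriteLine("parameterized text: " + good.CommandText);
            foreach (SqlParameter p in good.Parameters)
                Console.WriteLine("  " + p.ParameterName + " (" + p.SqlDbType + ") = " + p.Value);
        }
    }
}
```

The parameterized form is only as safe as the procedure body: a procedure that concatenates its parameter into a string and runs it with `EXEC` reintroduces the same problem on the server side.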