Basically i am looking for the difference between asp injection and sql injection on a asp webpage and what are the different types of asp injection other than sql injection
views:
20answers:
2I think ASP injection can include non-relational database code such as JavaScript.
SQL injection adds SQL to do harm exclusively to your relational database.
Wikipedia might be a good starting place:
http://en.wikipedia.org/wiki/Code_injection
I would suggest that you not accept raw input from web pages without encoding, validating, and binding them on the server side. It's your best chance to guard against unwanted inputs. How will you know an input is potentially harmful until you look at it?
You should always validate on the server side, even if you do client-side validation.
I'd say that it's unlikely that you'll gain a complete understanding or solution here simply by repeating your question and asking for more links. I'd suggest that you demonstrate some initiative and energy by doing something besides passive questioning.
Simple example: You allow uploading of files. Someone uploads an .asp-file, and voila, they can execute any asp code they want.
Another example: You use the Server.Execute()-method to have some filename and/or asp-code stored in your database. Instead of a filename, someone writes some asp code, and voila, they can execute any asp code they want.