If a user typed < script > in the field using stored procedures would not help.
>Use stored procs as the first defense.
>
>>Hi everybody,
>>
>>I'm thinking, that instead of trying to intercept every request we may try to use UPDATE/INSERT triggers for every table and reject entries contaning < script > Does it sound like a better approach?
>>
>>What do you think?
>>
>>Thanks in advance.
If it's not broken, fix it until it is.
My Blog