Don't be naive... people do want to mess with your site

I haven't done much to update uberasp.net because the book is taking most of my time, but I pop in to answer POP Forums questions daily. I was playing with the book section, which I use to buy books from Amazon (so I get a kick-back) when I got an error because the Amazon Web service didn't respond for whatever reason.

After I got the friendly error message indicating that the error had been logged, I went and checked my log. I found some interesting errors. The logged URLs had all kinds of stuff tacked into the query strings like “insert into” and “delete from.” Dozens of guesses were there intended to create a SQL injection attack.

Naturally I use parameters and parse anything that can be molested in the request, but it just goes to show you that people will mess with you.
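
The kind of log review described above, as an added example that is not from the original post: it URL-decodes the query string of each logged URL and flags SQL statement fragments such as "insert into" and "delete from". The paths, the sample log lines and the patterns beyond those two fragments are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# "insert into" and "delete from" are the fragments the post reports seeing;
# the other statement openers are assumptions added for illustration.
SQL_PROBE = re.compile(
    r"\b(?:insert\s+into|delete\s+from|drop\s+table"
    r"|union\s+(?:all\s+)?select|update\s+\w+\s+set)\b",
    re.IGNORECASE,
)

def find_probes(url):
    """Return the sorted, normalized SQL fragments found in one URL's query string."""
    text = urlsplit(url).query
    # Decode twice so double-encoded input (%2520 -> %20 -> space) is also seen.
    for _ in range(2):
        text = unquote_plus(text)
    # Lower-case and collapse whitespace so "DELETE   FROM" reports as "delete from".
    return sorted({" ".join(m.group(0).lower().split())
                   for m in SQL_PROBE.finditer(text)})

def triage(log_urls):
    """Map each suspicious URL to the fragments that flagged it."""
    return {url: hits for url in log_urls if (hits := find_probes(url))}

# Constructed sample log lines (hypothetical paths, not taken from the post).
SAMPLE_LOG = [
    "/books/default.aspx?category=aspnet",
    "/books/default.aspx?category=aspnet';insert+into+users+values(1)--",
    "/forums/topic.aspx?id=42%3Bdelete%20from%20posts",
    "/forums/topic.aspx?id=42%2520DELETE%2520FROM%2520posts",
    # Benign search text that still matches: keyword triage has false positives.
    "/books/search.aspx?q=how+to+delete+from+a+list",
]

if __name__ == "__main__":
    for url, hits in triage(SAMPLE_LOG).items():
        print(f"{', '.join(hits):<12} {url}")
```

This kind of matching is for reviewing logs only; the parameterized queries the post mentions are what keep such input from being executed as SQL.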
