Catch the security flaw #1 (Flaw and its countermeasure)

It is time to discuss the flawed code that I posted a couple of weeks back. The comments posted were good and in essence summarize the flaw. The circled part of that code is an example of an embedded code block. The query string parameter “id” is inserted inside the <% %> block, so its value becomes part of the HTML that is sent to the client…
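As an added illustration (not code from the original post), the same pattern modelled in Python: a page template standing in for the <% %> block, a flawed renderer that writes the raw “id” parameter straight into the markup, and the hardened form that HTML-encodes the value first. The template, the example URL and the parameter handling are constructed for this example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed template standing in for the page with the embedded <% %> block.
# {id} marks the spot where the embedded code writes the request parameter.
PAGE_TEMPLATE = "<html><body><p>Record: {id}</p></body></html>"


def id_from_url(url: str) -> str:
    """Return the query string parameter 'id' (first value, or empty string)."""
    params = parse_qs(urlsplit(url).query)
    return params.get("id", [""])[0]


def render_flawed(url: str) -> str:
    """The flaw: the raw parameter is concatenated into the markup, so any
    tags the client supplies are parsed as live HTML by the browser."""
    return PAGE_TEMPLATE.format(id=id_from_url(url))


def render_fixed(url: str) -> str:
    """Countermeasure: HTML-encode the value before it reaches the page.
    '<', '>', '&' and quotes become entities, so the browser shows them as
    text instead of treating them as markup."""
    return PAGE_TEMPLATE.format(id=html.escape(id_from_url(url), quote=True))


def contains_live_tag(rendered: str, tag: str) -> bool:
    """Check helper: is an unencoded <tag> element still present in the output?"""
    return f"<{tag}>" in rendered


if __name__ == "__main__":
    # Constructed request: the client sends markup where a record id is expected.
    request = "https://example.invalid/view.asp?id=42<b>injected</b>"
    print(render_flawed(request))  # the <b> element survives intact
    print(render_fixed(request))   # the element arrives as &lt;b&gt;...
```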
