WebApp Sec
mailing list archives
Web Forms filtered with SQL constraints
From: Bénoni MARTIN <Benoni.MARTIN () libertis ga>
Date: Tue, 5 Oct 2004 13:25:50 +0100
Hi list !
I was wondering how to solve the 2 following problems: I have ASP (not ASP.NET) forms people have to fill in. To
avoid SQL injection attacks and other tricks, I have set up some Jscript filtering on each field (i.e. for instance a
name can just be alphabetic characters and no figures :) ), and I am planning to do the same on my database (setting up
constraints).
But I have 2 questions:
- How can I hide my Jscript filtering from the user ? When I want to see the source, everything is displayed,
quite normal :( ... Maybe it's not so good to tell people what I have done to filter them :) I saw some sites where it
is impossible to see the source, impossible to "hoover the site", impossible even to print ... But I have not been able
to find on the net how to do this :(
- How can I deal with possible SQL errors within an ASP page ? I mean, if a field has been filled in, bypasses my
Jscript filtering (no matter how), and gets to the database but is then "stopped" by an SQL constraint, how do I raise
this error on an ASP page without displaying an explicit error (giving the user the name of my database for instance) ?
Cheers for any clue, I am lost on this topic :(
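
An added example, not part of the original post or the poster's code: the second question concerns a value that gets past the browser-side filter and is then rejected by a database constraint. This sketch re-checks the field on the server, logs the database error under a reference id, and returns only a generic message; `validateName`, `handleSubmit`, `insertRow` and the stub constraint error are hypothetical, and it is plain JavaScript rather than ASP-hosted JScript.

```javascript
// Server-side handling for a form whose client-side filter may have been bypassed.
// All names here (validateName, handleSubmit, insertRow) are hypothetical.

// Re-check the field on the server; the browser-side filter can be skipped.
function validateName(value) {
  return typeof value === "string" && /^[A-Za-z]{1,50}$/.test(value);
}

// insertRow stands in for the real database call (assumed to be something like
// a parameterized ADODB.Command in ASP); it throws when the database rejects the row.
function handleSubmit(form, insertRow, log) {
  if (!validateName(form.name)) {
    return { status: 400, body: "Please enter a name using letters only." };
  }
  try {
    insertRow(form.name);
    return { status: 200, body: "Thank you, your entry was saved." };
  } catch (err) {
    // Full detail goes to the server-side log only, under a reference id.
    var ref = "E" + new Date().getTime().toString(36);
    log(ref + " " + (err && err.message ? err.message : String(err)));
    // The visitor sees nothing about tables, constraints or the driver.
    return { status: 500, body: "Your entry could not be saved. Reference: " + ref };
  }
}

// Constructed demonstration: a stub database that enforces a length constraint.
function demo() {
  var logLines = [];
  function log(line) { logLines.push(line); }
  function stubInsert(name) {
    if (name.length > 10) {
      throw new Error("CHECK constraint 'ck_name_len' violated in table 'members'");
    }
  }
  return {
    bypassed: handleSubmit({ name: "Martin2004" }, stubInsert, log),
    rejectedByDb: handleSubmit({ name: "Abcdefghijklmnop" }, stubInsert, log),
    ok: handleSubmit({ name: "Benoni" }, stubInsert, log),
    logLines: logLines
  };
}
```

The reference id lets an administrator match a visitor's report to the logged database error without the page revealing table or constraint names.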