Jump to content

SQL injection

Mondeo

By Mondeo
January 6, 2007 in Database / XML / Reporting

Share

https://www.xtremedotnettalk.com/topic/27583-sql-injection/

Recommended Posts

Mondeo

Newbie

Mondeo

Posted January 6, 2007

Posted January 6, 2007

Whats the best way to prevent this, I mean to prevent malformed user input from causing an exception.

I've realised the obvious of removing any apostrophies before generating the SQL statement but i've no doubt theres a lot more to it than than!

Quote

Administrators

PlausiblyDamp

Newbie

PlausiblyDamp

Posted January 6, 2007

Administrators

Posted January 6, 2007

Use stored procedures or parametrised queries. Basically avoid string concatenation in any of it's forms.

Quote

Posting Guidelines FAQ Post Formatting

Intellectuals solve problems; geniuses prevent them.

-- Albert Einstein

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest

Reply to this topic...

× Pasted as rich text. Paste as plain text instead

Only 75 emoji are allowed.

× Your link has been automatically embedded. Display as a link instead

× Your previous content has been restored. Clear editor

× You cannot paste images directly. Upload or insert images from URL.

Insert image from URL

×

Share

https://www.xtremedotnettalk.com/topic/27583-sql-injection/

Go to topic listing

×

Browse
- Back
- Forums
- Resources
- Blogs
- Events
- Articles
- Downloads
- Gallery
- Staff
- Online Users
- Leaderboard
Activity
- Back
- All Activity
- Search

×

Create New...