
Methods to Prevent SQL Injection


Posted Date: 11 Jun 2008    Resource Type: Tips    Category: Web Development
Author: muthuvasagan    Member Level: Silver
Rating: Points: 3



Methods to Prevent SQL Injection.

1. Use ASP.NET Request Validation.
2. Validate URLs.
3. Use Code Access Security to Restrict File I/O.
4. Use MapPath to Prevent Cross-Application Mapping.
5. Validate File Paths.
6. Validate File and URL Paths.
7. Validate Cookie Values.
8. Validate Query String Values.
9. Allow Restricted HTML Input.
10. Validate Date, Numeric and Text Fields.
11. Constrain Input.
12. Explicitly Check Input from Form Fields.
13. Encode Unsafe Output.
14. Use Command Parameters for SQL Queries.
15. Verify that ASP.NET Errors are not returned to the Client.




Responses

Author: Deepa    14 Jun 2008    Member Level: Diamond    Points: 0
Good...


Author: Jessie    16 Jun 2008    Member Level: Gold    Points: 2
14th point expansion
====================

    string no = textBox1.Text;

Don't write the query as

    string sql = "select * from tab_name where no=" + no;

Instead, use command parameters to assign the value to the query.

If someone enters something like "1;delete from tablename;" in the text box
[provided the user knows the table name]

and we directly assign this to a query, the table will be deleted. Instead, if we assign it to a command parameter, it will throw an error saying type mismatch, and thereby we can avoid SQL injection.
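Point 14 of the tip and Jessie's expansion of it, as an added C# (ADO.NET) example that is not code from the original post. It assumes a SqlClient connection string in connStr and a table tab_name with an integer column no; the int.TryParse check is an added input constraint (point 11), not something the post describes.

```csharp
// Added example, not from the original post. Assumes a SqlClient connection
// string in "connStr" and a table "tab_name" with an integer column "no".
using System;
using System.Data;
using System.Data.SqlClient;

static class LookupExample
{
    // VULNERABLE: user input is concatenated straight into the SQL text,
    // so whatever the user typed is interpreted as part of the statement.
    static DataTable LookupUnsafe(string connStr, string userInput)
    {
        string sql = "select * from tab_name where no=" + userInput;
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // HARDENED: the value is sent as a typed command parameter, never spliced
    // into the SQL text, and the input is constrained to an integer first,
    // so a value like "1;delete from tab_name;" is rejected before any query runs.
    static DataTable LookupSafe(string connStr, string userInput)
    {
        if (!int.TryParse(userInput, out int no))
            throw new ArgumentException("'no' must be an integer.", nameof(userInput));

        const string sql = "select * from tab_name where no = @no";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // SqlDbType.Int makes the parameter's type explicit on the wire.
            cmd.Parameters.Add("@no", SqlDbType.Int).Value = no;
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }
}
```

Even without the TryParse check, the parameterized version never executes the input as SQL; the check only turns a runtime conversion error into a clear validation failure.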


