Sql Injection

  • iswar
    New Member
    • Jan 2008
    • 9

    Sql Injection

    How to write a function to prevent attack from SQL injection? I'm using SQL Server 2000 & ASP.NET. Please reply faster that how to validate server side input values...

    Thank you for the support
  • dip_developer
    Recognized Expert Contributor
    • Aug 2006
    • 648

    #2
    Originally posted by iswar
    How to write a function to prevent attack from SQL injection? I'm using SQL Server 2000 & ASP.NET. Please reply faster that how to validate server side input values...

    Thank you for the support
    It is not possible to write here the function to prevent SQL injection... rather you should know in depth what a SQL injection is and how it can be prevented... plenty of possibilities there which could cause your SQL to crash... you have to identify those cases and write your own function accordingly...
    Read here...


    Secondly, what do you mean by server side input values?


    • Frinavale
      Recognized Expert Expert
      • Oct 2006
      • 9749

      #3
      Originally posted by iswar
      How to write a function to prevent attack from SQL injection? I'm using SQL Server 2000 & ASP.NET. Please reply faster that how to validate server side input values...

      Thank you for the support
      A few quick things
      • Make sure to validate all information coming from the browser.
      • Use stored procedures: they are precompiled so that you don't have to create query strings based on the user's input (which are compiled along with your SQL queries).
      • Remove double quotes (") from user's input
      • Use parameters to indicate that the user's information should be handled as a Parameter instead of part of your SQL statement...


      Seeing as these are just a few things mentioned quickly off the top of my head, I strongly recommend checking out the link that dip_developer has posted and doing research on the topic to guard yourself against this type of attack.

      -Frinny
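
The server-side validation and parameter approach discussed in this thread, as an added C# example for ASP.NET with SQL Server (not code from any poster here). The `Users` table and its columns, the allow-list pattern, and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // Assumed schema for this example: Users(UserId INT, UserName NVARCHAR(50)).
    // Allow-list: 1-50 letters, digits, '.', '_' or '-'.
    // \A and \z anchor the whole string; '$' would also accept a trailing newline.
    private static readonly Regex UserNamePattern =
        new Regex(@"\A[A-Za-z0-9._-]{1,50}\z", RegexOptions.CultureInvariant);

    // Server-side check, run regardless of any validation done in the browser.
    public static bool IsValidUserName(string input)
    {
        return input != null && UserNamePattern.IsMatch(input);
    }

    // Unsafe pattern, shown only for contrast: the input becomes part of the SQL text.
    //   "SELECT UserId FROM Users WHERE UserName = '" + userName + "'"

    public static int? FindUserId(string connectionString, string userName)
    {
        if (!IsValidUserName(userName))
            throw new ArgumentException("User name failed server-side validation.", "userName");

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT UserId FROM Users WHERE UserName = @UserName", conn))
        {
            // Typed, length-bounded parameter: the value travels as data and is
            // never parsed as SQL, so quotes in it need no stripping or escaping.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;

            // For a stored procedure, set cmd.CommandType = CommandType.StoredProcedure,
            // use the procedure name as the command text, and add parameters the same way.
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value)
                ? (int?)null
                : Convert.ToInt32(result);
        }
    }
}
```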
