sql-injection Archives

What will be the best practices in my code to prevent sql injection?

September 4, 2022 by Magenaut

What will be the best practices to prevent sql injection? My client asked me to prevent sql injection. I used this structure for data inserting or updating public bool Add(GreenItem aGreenItem, Employee emp) { aGreenItem.GreenItemCode = new CommonBLL().GetMaxId("[GreenItemCode]", "[Processing].[GreenItem]", "GTM"); using (SqlConnection objConnection = Connection.GetConnection()) { SqlTransaction transaction = objConnection.BeginTransaction("SampleTransaction"); try { string query = … Read more

Are Parameters really enough to prevent Sql injections?

September 3, 2022 by Magenaut

I’ve been preaching both to my colleagues and here on SO about the goodness of using parameters in SQL queries, especially in .NET applications. I’ve even gone so far as to promise them as giving immunity against SQL injection attacks.

Avoiding SQL injection without parameters

September 3, 2022 by Magenaut

We are having another discussion here at work about using parametrized sql queries in our code. We have two sides in the discussion: Me and some others that say we should always use parameters to safeguard against sql injections and the other guys that don’t think it is necessary. Instead they want to replace single apostrophes with two apostrophes in all strings to avoid sql injections. Our databases are all running Sql Server 2005 or 2008 and our code base is running on .NET framework 2.0.

How can I avoid SQL injection attacks in my ASP.NET application?

September 2, 2022 by Magenaut

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?

Preventing SQL Injection in ASP.Net

September 2, 2022 by Magenaut

I have this code

Control SQL injection in MVC

August 31, 2022 by Magenaut

It’s my first time developing using MVC and I want to make it secure.

SQL Injection prevention with Microsoft Access and VB.NET

August 30, 2022 by Magenaut

I’m a beginner in ASP.NET so I have some questions about how to prevent SQL injection in ASP.NET. My programming language is VB.NET, not C#, and I’m using Microsoft Access as my database.

What characters or character combinations are invalid when ValidateRequest is set to true?

August 29, 2022 by Magenaut

I’ve tried looking at the Microsoft site and Googling this but nobody seems to have an answer aside from the < and the >. There’s more to it than that though. I’ve noticed that the HTML entity starter of &# is invalid. Is there anything else? Does anyone have a complete list?

Does asp.net protect against sql injection attacks

August 28, 2022 by Magenaut

By default does ASP.net protect against SQL injection attacks when using ASP controls?

Avoiding an Sql injection attack

August 23, 2022 by Magenaut

I have an asp.net application. In which i have this code: