
How can we protect ASP.NET websites from SQL injection attacks?

Question added by Muhammad talal, UI/Web designer and Web developer, Fiverr.com
Date posted: 2016/03/29
Jehangir Wahid
By Jehangir Wahid, Lead Software Developer, Inaequo Solutions

You can avoid SQL injection by using parameterised queries or stored procedures.

See this link. This will help you out:

https://www.youtube.com/user/kudvenkat/search?query=injection

Jamil Abu naser
By Jamil Abu naser, Technical Team Lead, Tetco

Validate the user input properly (data type).

Do not write queries in your code; instead, use stored procedures with parameters.

Ahmad Alhawary
By Ahmad Alhawary, Integrated Systems Development Manager, Telecom Egypt - Egypt

There are three methods:

1. Use parameters

2. Use stored procedures

3. Validate all input

Tanweer Ahmed
By Tanweer Ahmed, Application Developer, Department of Revenue, Registration and Land Reforms, Government of Jharkhand

By using stored procedures and parameterized SQL queries you can prevent SQL injection.

Mansoor Khan
By Mansoor Khan

1. DO NOT TRUST USER DATA. Sanitize all data going in and coming out of the database.

2. Use parameterized SQL queries.

 

Mohamed Abd El-Fatah
By Mohamed Abd El-Fatah, Senior Software Engineer, Sakhr Software

If you have an existing application and it uses queries without parameters, you can add an HTTP Module to validate all input control values and query strings.

Syed Wahhabuddin Ahmed
By Syed Wahhabuddin Ahmed, IT Project Manager, eTabeb.com - Alawadiliah Information Technology

Avoid inline queries, use stored procedures, use SQL parameters.

Mohammad Shakir
By Mohammad Shakir

Use SQL parameters for queries instead of using SQL queries directly.

M Javad
By M Javad, Project Lead, AVI INFOSYS LLC

Use stored procedures instead of directly using queries in the controller.

Abdul Rehman
By Abdul Rehman

Use parameters with dynamic SQL. Constrain Input. You should validate all input to your ASP.NET applications for type, length, format, and range.
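The advice repeated across the answers above (bind values as parameters, constrain input by type, length, format and range) is shown here as an added ADO.NET example; it is not code from any of the answers. The `dbo.Users` table, its columns, the `UserLookup` class and the sort-key allow-list are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // Hypothetical allow-list: identifiers such as column names cannot be sent
    // as SQL parameters, so map user-supplied sort keys to fixed column names.
    private static readonly Dictionary<string, string> SortColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name", "DisplayName" },
            { "joined", "CreatedOn" }
        };

    // Vulnerable "before": input is concatenated into the SQL text, so a value
    // containing a quote changes the structure of the statement.
    public static SqlCommand BuildUnsafe(SqlConnection conn, string city)
    {
        return new SqlCommand(
            "SELECT Id, DisplayName FROM dbo.Users WHERE City = '" + city + "'", conn);
    }

    // Hardened "after": validate type, length, format and range, then bind values.
    public static SqlCommand BuildSafe(SqlConnection conn, string city,
                                       string minAgeText, string sortKey)
    {
        int minAge;
        if (!int.TryParse(minAgeText, out minAge) || minAge < 0 || minAge > 150)
            throw new ArgumentException("minAge must be an integer between 0 and 150.");
        if (city == null || city.Length > 64 || !Regex.IsMatch(city, @"^[\p{L} .'-]+$"))
            throw new ArgumentException("city has an unexpected length or format.");
        string column;
        if (!SortColumns.TryGetValue(sortKey ?? "name", out column))
            throw new ArgumentException("Unknown sort key.");

        var cmd = new SqlCommand(
            "SELECT Id, DisplayName FROM dbo.Users " +
            "WHERE City = @city AND Age >= @minAge ORDER BY " + column, conn);
        // Explicit type and size: the value is passed as data, never parsed as SQL.
        cmd.Parameters.Add("@city", SqlDbType.NVarChar, 64).Value = city;
        cmd.Parameters.Add("@minAge", SqlDbType.Int).Value = minAge;
        return cmd;
    }
}
```

The city pattern deliberately permits an apostrophe: with the value bound as `@city`, a name containing a quote is stored and compared as plain text, which is why validation complements parameters rather than replacing them.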
