You can avoid SQL Injection by using parameterised queries or stored procedures.
Consider this link. This will help you out:
https://www.youtube.com/user/kudvenkat/search?query=injection
Validate the user input properly (Data Type).
Do not write queries in your code; instead, use stored procedures with parameters.
There are three methods:
1. Use parameters
2. Use stored procedures
3. Validate all input
By using stored procedures and parameterized SQL queries you can prevent SQL injection.
1. DO NOT TRUST USER DATA. Sanitize all data going in and coming out of the database.
2. Use parameterized SQL queries.
If you have an existing application and it uses queries without parameters, you can add an HTTP Module to validate all input control values and query strings.
Avoid inline queries; use stored procedures and SQL parameters.
Use SQL parameters for queries instead of using SQL queries directly.
Use stored procedures instead of directly using queries in the controller.
Use parameters with dynamic SQL. Constrain Input. You should validate all input to your ASP.NET applications for type, length, format, and range.
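The three measures the answers above repeat (constrain input, parameterised query, stored procedure with parameters) in one C# example for ASP.NET; this is an added illustration, not code from any of the posters. It assumes a `Users` table with a `UserName` column and a stored procedure `usp_GetUserByName` taking `@UserName`; both names and the validation rule are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // VULNERABLE (shown for contrast only): the raw value is pasted into the
    // SQL text, so a quote in userName becomes part of the statement itself.
    public static string BuildUnsafeSql(string userName) =>
        "SELECT COUNT(*) FROM Users WHERE UserName = '" + userName + "'";

    // 1. Constrain input: type, length and format, before it reaches the query.
    //    Hypothetical rule: 1-50 characters, letters, digits, dot or underscore.
    private static readonly Regex UserNameRule = new Regex(@"^[A-Za-z0-9._]{1,50}$");

    public static bool IsValidUserName(string userName) =>
        !string.IsNullOrEmpty(userName) && UserNameRule.IsMatch(userName);

    // 2. Parameterised query: the value travels separately from the SQL text,
    //    so a quote or comment marker inside it is compared as data, never parsed.
    public static int CountByNameParameterised(SqlConnection conn, string userName)
    {
        if (!IsValidUserName(userName)) throw new ArgumentException("Invalid user name");
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE UserName = @UserName", conn))
        {
            // Typed and length-bounded parameter matching the column definition.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            return (int)cmd.ExecuteScalar();
        }
    }

    // 3. Stored procedure with a parameter (hypothetical proc usp_GetUserByName).
    //    The procedure body must not build dynamic SQL from @UserName, otherwise
    //    the injection problem just moves from the controller into the database.
    public static int CountByNameStoredProc(SqlConnection conn, string userName)
    {
        if (!IsValidUserName(userName)) throw new ArgumentException("Invalid user name");
        using (var cmd = new SqlCommand("usp_GetUserByName", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName;
            return (int)cmd.ExecuteScalar();
        }
    }
}
```

`BuildUnsafeSql` is kept only to show what the other two methods replace; it should never be executed against a real connection.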