
How can we protect ASP.NET websites from SQL injection attacks?

Question added by Muhammad talal, UI/Web designer and Web developer, Fiverr.com
Date posted: 2016/03/29
by Jehangir Wahid, Lead Software Developer, Inaequo Solutions

You can avoid SQL Injection by using Parameterised queries or Stored Procedures.

Concern this link. This will help you out.

https://www.youtube.com/user/kudvenkat/search?query=injection

by Jamil Abu naser, Technical Team Lead, Tetco

Validate the user input properly (Data Type).

Do not write queries in your code; instead, use stored procedures with parameters.

by Ahmad Alhawary, Integrated Systems Development Manager, Telecom Egypt - Egypt

There are three methods:

1. Use parameters

2. Use stored procedures

3. Validate all input

by Tanweer Ahmed, Application Developer, Department of Revenue, Registration and Land Reforms, Government of Jharkhand

By using stored procedures and parameterized SQL queries, you can prevent SQL injection.

1. DO NOT TRUST USER DATA. Sanitize all data going in and coming out of the database.

2. Use parameterized SQL queries.

 

by Mohamed Abd El-Fatah, Senior Software Engineer, Sakhr Software

If you have an existing application and it uses queries without parameters, you can add an HTTP Module to validate all input control values and query strings.

by Syed Wahhabuddin Ahmed, IT Project Manager, eTabeb.com - Alawadiliah Information Technology

Avoid inline queries, use stored procedures, use SQL parameters.

Use SQL parameters for queries instead of using SQL queries directly.

by M Javad, Project Lead, AVI INFOSYS LLC

Use stored procedures instead of directly using queries in the controller.

Use parameters with dynamic SQL. Constrain Input. You should validate all input to your ASP.NET applications for type, length, format, and range.
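
The advice in the answers above (parameters plus input validation), as an added example that is not code from any of the posters: a concatenated ADO.NET query beside its parameterized form, with a type, length and format check in front. The `dbo.Users` table, its columns, and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // Assumed schema: dbo.Users(Id INT, UserName NVARCHAR(50), Email NVARCHAR(256)).
    // \A and \z anchor the whole string; $ would also accept a trailing newline.
    private static readonly Regex UserNameFormat =
        new Regex(@"\A[A-Za-z0-9_.-]{3,50}\z", RegexOptions.CultureInvariant);

    // Constrain input: type, length and format are checked before any SQL runs.
    public static bool IsValidUserName(string userName)
    {
        return userName != null && UserNameFormat.IsMatch(userName);
    }

    // UNSAFE, for contrast: the input becomes part of the SQL text itself.
    public static SqlCommand BuildConcatenated(SqlConnection conn, string userName)
    {
        return new SqlCommand(
            "SELECT Email FROM dbo.Users WHERE UserName = '" + userName + "'", conn);
    }

    // SAFE: constant SQL text; the value is sent separately as a typed parameter.
    public static SqlCommand BuildParameterized(SqlConnection conn, string userName)
    {
        var cmd = new SqlCommand(
            "SELECT Email FROM dbo.Users WHERE UserName = @userName", conn);
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    // Validates, then runs the parameterized query; returns null when no row matches.
    public static string FindEmail(string connectionString, string userName)
    {
        if (!IsValidUserName(userName))
            throw new ArgumentException("Invalid user name length or format.", nameof(userName));

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildParameterized(conn, userName))
        {
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }
}
```

For a stored procedure, the command text becomes the procedure name with `CommandType = CommandType.StoredProcedure` and the same `Parameters.Add` call. A procedure that concatenates its parameters into dynamic SQL internally is still injectable, so the parameter has to stay a parameter all the way down.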
