Last post May 02, 2012 07:24 AM by Catherine Shan - MSFT
myselfamit87
Member
12 Points
28 Posts
preventing DB from sql injection
Apr 28, 2012 01:29 PM|LINK
Hello, how can I write code to prevent a website from SQL injection?
I write insert code like this:
insert into tablename values(textbox1.text,textbox2.text);
Amit Kumar Sachan
BrockAllen
All-Star
27574 Points
4912 Posts
MVP
Re: preventing DB from sql injection
Apr 28, 2012 01:30 PM|LINK
Use parameterized SQL. Don't concatenate strings to form your SQL (either from .NET or in Stored Procs).
And so if you're using LINQ to SQL, EF or NHibernate then they use parameterized SQL, so you're safe.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
hans_v
All-Star
35986 Points
6550 Posts
Re: preventing DB from sql injection
Apr 28, 2012 02:23 PM|LINK
http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET
Catherine Sh...
All-Star
23382 Points
2490 Posts
Microsoft
Re: preventing DB from sql injection
May 02, 2012 07:24 AM|LINK
Hi myselfamit87,
In order to prevent SQL injection in ASP.NET, you can perform the following steps:
1. Constrain input.
2. Use parameters with stored procedures.
3. Use parameters with dynamic SQL.
For details about it, please check the links below:
http://msdn.microsoft.com/en-us/library/ff648339.aspx
http://msdn.microsoft.com/en-us/magazine/cc163917.aspx
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html
Best wishes,
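
The advice in the replies above (constrain input, then pass values as parameters instead of concatenating them), applied to the insert from the question. This is an added example, not code from any post in the thread; the `Customers` table, its `Name` and `City` columns, the allow-list rule and the sample inputs are assumptions, and it uses `System.Data.SqlClient`.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

static class SafeInsert
{
    // Constrain input: assumed allow-list of letters, digits, space, . ' - (1 to 50 chars).
    static readonly Regex Allowed = new Regex(@"\A[\p{L}\p{N} .'\-]{1,50}\z");

    static string Validate(string value, string field)
    {
        if (value == null || !Allowed.IsMatch(value))
            throw new ArgumentException("Input failed validation.", field);
        return value;
    }

    // Parameters with dynamic SQL: the statement text is a constant, and the
    // values travel separately as typed, length-bounded parameters.
    public static SqlCommand BuildInsert(string name, string city)
    {
        string n = Validate(name, "name"), c = Validate(city, "city");
        var cmd = new SqlCommand("INSERT INTO Customers (Name, City) VALUES (@name, @city);");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = n;
        cmd.Parameters.Add("@city", SqlDbType.NVarChar, 50).Value = c;
        return cmd;
    }

    // Executes a built command; call this from the page's button click handler.
    public static int Execute(string connectionString, SqlCommand cmd)
    {
        using (var conn = new SqlConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed inputs standing in for textbox1.Text; no database is needed here.
        foreach (var input in new[] { "O'Brien", "x'); DROP TABLE Customers;--" })
        {
            try
            {
                using (var cmd = BuildInsert(input, "Delhi"))
                    Console.WriteLine("{0}  @name=[{1}]", cmd.CommandText, cmd.Parameters["@name"].Value);
            }
            catch (ArgumentException ex) { Console.WriteLine("Rejected [{0}]: {1}", input, ex.Message); }
        }
    }
}
```

The apostrophe in `O'Brien` passes validation and is still safe, because the parameter carries it as data and the command text never changes; the second input is rejected by the allow-list before any command is built.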