i dont want to get iformation of my table field and value of them
Don't provide table information in the querystring. You don't have to. ID values will always appear in your app somehwere as html code ot whatever. If you do not want this information to be made public, don't put it in a web site.
vahidarr
my main qusetion is what secuirity issues shoud l attention for using querystring?
Make sure you use parameters when you use querystring values as part of your SQL so that you prevent SQL injection. Also, ensure that you validate the type and range of any querystring values, as the user might manipulate them.
Mikesdotnett...
All-Star
154842 Points
19855 Posts
Moderator
MVP
Re: securit issues about using query string
Nov 04, 2011 04:22 PM|LINK
Don't provide table information in the querystring. You don't have to. ID values will always appear in your app somehwere as html code ot whatever. If you do not want this information to be made public, don't put it in a web site.
Make sure you use parameters when you use querystring values as part of your SQL so that you prevent SQL injection. Also, ensure that you validate the type and range of any querystring values, as the user might manipulate them.
Beginning ASP.NET Web Pages with WebMatrix | My Site | Twitter