Last post Dec 28, 2010 04:24 AM by Mikesdotnetting
Dec 28, 2010 03:56 AM|firstname.lastname@example.org|LINK
I need to avoid SQL injection attacks, so I was using the class which was explained in this post
Everything is fine here. It works perfectly, but the problem is I am using an image handler which basically generates random values like
So what happened is this class considers it a SQL injection attack and it throws me out to the error.aspx page as an error.
I want to know whether there is any way I can skip some values, and especially imgHandler.ashx, from this class.
Or if you have any other suggestion to handle this, please let me know.
Dec 28, 2010 04:07 AM|Mikesdotnetting|LINK
Don't use the approach outlined in that article. Use this one instead:
Preventing SQL Injection in ASP.NET
Dec 28, 2010 04:18 AM|email@example.com|LINK
Thanks for your reply, but the issue is that in the project dynamic queries are implemented in many places, so parameterised
queries don't allow this.
What about if I follow the above approach?
Dec 28, 2010 04:24 AM|Mikesdotnetting|LINK
You can build your SQL dynamically and apply parameters dynamically, too. Stored procedures (which is a different thing) are more awkward with dynamic SQL, but I'm not recommending those.
I'm not going to help you with the "whitelist" approach as I believe it to be a poor solution. I have asked the forum management to remove it as a sticky.
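What the last reply describes, SQL built dynamically with parameters applied dynamically, could look like the following. This is an added example, not code from the thread or from the linked article; the Products table, its columns and the BuildCommand helper are hypothetical.

```csharp
// Added example: table, column and method names are hypothetical.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class ProductSearch
{
    // Builds the command text and its parameters together, so user input
    // never becomes part of the SQL string itself.
    public static SqlCommand BuildCommand(SqlConnection conn, string name,
                                          int? categoryId, int? minStock)
    {
        var cmd = new SqlCommand { Connection = conn };
        var clauses = new List<string>();

        if (!string.IsNullOrEmpty(name))
        {
            clauses.Add("Name LIKE @name");
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = "%" + name + "%";
        }
        if (categoryId.HasValue)
        {
            clauses.Add("CategoryId = @categoryId");
            cmd.Parameters.Add("@categoryId", SqlDbType.Int).Value = categoryId.Value;
        }
        if (minStock.HasValue)
        {
            clauses.Add("UnitsInStock >= @minStock");
            cmd.Parameters.Add("@minStock", SqlDbType.Int).Value = minStock.Value;
        }

        // Only fixed fragments written in this file are concatenated.
        cmd.CommandText = "SELECT ProductId, Name, UnitsInStock FROM Products"
            + (clauses.Count > 0 ? " WHERE " + string.Join(" AND ", clauses.ToArray()) : "");
        return cmd;
    }

    public static void Main()
    {
        // Constructed input: a value an input-filtering class would reject.
        using (var cmd = BuildCommand(null, "x'; DROP TABLE Products;--", 3, null))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
        }
    }
}
```

The printed command text contains only the `@name` and `@categoryId` placeholders; the quote and comment characters in the constructed input travel as a parameter value, so no request filtering is needed and handlers such as imgHandler.ashx are unaffected.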